
Yeah, that is how I expect a templating system to work. The one in Rails (modified ERB) works in the same way. It has a SafeBuffer (name taken from memory) class which is a subclass of String. Strings can be converted into the safe class either by escaping or through unsafe conversion, which means that we say the string is safe.
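A small model of the SafeBuffer idea described in the comment above, written as an added example rather than taken from Rails (the real class also handles interpolation, frozen strings and more); the class and method names `SafeBuffer`, `html_safe` and `html_safe?` mirror Rails, but `render_greeting` is a constructed helper for the demonstration.

```ruby
require 'cgi'

# A String subclass that escapes anything untrusted appended to it, while
# leaving content already marked safe untouched (no double escaping).
class SafeBuffer < String
  def html_safe?
    true
  end

  # Appending: plain Strings are escaped, SafeBuffers pass through as-is.
  def concat(value)
    super(value.html_safe? ? value : CGI.escapeHTML(value.to_s))
  end
  alias << concat

  def +(other)
    dup.concat(other)
  end
end

class String
  # Plain strings are untrusted by default.
  def html_safe?
    false
  end

  # The "unsafe conversion": the caller asserts the content is already safe.
  def html_safe
    SafeBuffer.new(self)
  end
end

# Rendering a template fragment: trusted markup plus a user-supplied value.
# Constructed helper for the example; the user value is escaped only if it
# is a plain String, so trusted markup passed as a SafeBuffer survives intact.
def render_greeting(user_input)
  buf = SafeBuffer.new
  buf << '<p>Hello, '.html_safe
  buf << user_input
  buf << '</p>'.html_safe
  buf
end
```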



It's tricky. Note activity this week around getting XSS protection right

http://weblog.rubyonrails.org/

I'm not that familiar with lift and Yesod, but it seems like they're both able to use compile-time checks as additional layers of protection.

https://github.com/dpp/liftweb/wiki/lifts-security




