Hacker News new | past | comments | ask | show | jobs | submit login

I googled SXML and it appears to be have implementation libraries in lots of languages. This is not the core language's standard library.



What do you put as the distinguishing feature between "core language standard library" and "comes with the language at installation"?

Some example: https://www.gnu.org/software/guile/manual/html_node/Reading-... (no installation of anything third party required)


Alright, let's go with widely-used programming languages for now - I've been programming for over 20 years and never heard of Guile.

I am not against the idea of having native protections built into stdlib, we can agree there, but it's disingenuous to suggest that this problem is unique to PHP as the parent comment suggested. It's the same in all of the major programming languages used to spit out HTML as far as I can tell.


Oh, very much so. I don't doubt it. Most of them are doing it wrong, fiddling with strings, instead of structured data, which HTML would lend itself really nicely to. Especially PHP, with its "output HTML" in-built mentality should have gotten it right, but did not. Many others did not do any better.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: