[rvdm]

I'd love to see these more basic security guidelines included in the documentations of frameworks and packages using these technologies and the online resources teaching them.

In the last few years plenty of fantastic, user-friendly online learning resources have popped up teaching all the cool things you can do with code but very few of them ever mention security. And all too rarely do github repos mention 'Watch out! This could be dangerous!'.

Teaching security always feels like someone else problem. I'm all for many more articles like this one!

[collyw]

To be fair, the authors of frameworks probably know more about security than your average user of the framework. The first time I heard of CSFR was when I couldn't get my Django forms working and had to read up on why.