by andreidd 1823 days ago
> My answer is to use tools that handle this correctly on the output side (a good db library, an ORM, an HTML template library with auto-escaping, and so on).

Came here to say exactly this! Unless you're building raw SQL queries out of the strings, or you're using them in element.innerHTML, then you should not have to worry about it. Django ORM / Django templates / React / Vue /... will correctly escape stuff for you.
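The output-side handling the comment recommends, as an added example that is not part of the original thread: the same untrusted string is stored through a parameterized query and rendered through an escaping call, while the one case the commenter flags (hand-built SQL) is shown to break on it. The sample input, the `users` table and the function names are constructed for this illustration; only the standard library is used.

```python
import html
import sqlite3

# Constructed sample input: a user-supplied name containing characters that
# are significant in both SQL and HTML. Storing it unmodified is fine; what
# matters is how each output boundary handles it.
USER_INPUT = "O'Brien <script>alert(1)</script>"


def _fresh_db() -> sqlite3.Connection:
    """In-memory database with a one-column table (constructed for the demo)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    return conn


def store_and_fetch(name: str) -> str:
    """Store `name` with a parameterized query and read it back unchanged.

    The driver passes the value separately from the SQL text, so the
    apostrophe in the value never touches the statement's structure.
    No input-side sanitizing is required, and the data survives intact.
    """
    conn = _fresh_db()
    conn.execute("INSERT INTO users (name) VALUES (?)", (name,))
    (stored,) = conn.execute("SELECT name FROM users").fetchone()
    conn.close()
    return stored


def naive_insert_fails(name: str) -> bool:
    """The case the comment says *does* need care: SQL built from strings.

    Here the apostrophe terminates the string literal early and the
    statement no longer parses. Returns True if the database rejects it.
    """
    conn = _fresh_db()
    try:
        conn.execute("INSERT INTO users (name) VALUES ('" + name + "')")
    except sqlite3.OperationalError:
        return True
    finally:
        conn.close()
    return False


def render_greeting(name: str) -> str:
    """Render an HTML fragment, escaping at the output boundary.

    html.escape with quote=True covers <, >, &, " and ', which is what an
    auto-escaping template engine does for every interpolated value.
    """
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


if __name__ == "__main__":
    print(store_and_fetch(USER_INPUT))
    print(naive_insert_fails(USER_INPUT))
    print(render_greeting(USER_INPUT))
```

The round trip through `store_and_fetch` returns the original string byte-for-byte, which is the point of escaping on output rather than on input: the stored value stays usable in any later context, and each sink (SQL driver, HTML renderer) applies the encoding appropriate to itself.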