Hacker News
by kayodelycaon 1331 days ago
Ruby on Rails pretty much handles this. Regular strings are always escaped in views. Only html_safe strings will emit HTML. For user input, you should always use the sanitize method instead of raw. :)
jiggawatts 1330 days ago
Razor pages in ASP will do this too:
https://learn.microsoft.com/en-us/dotnet/api/system.web.ihtm...
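A simplified model of the escape-by-default behaviour described in the first comment, added here as an illustration; it is not Rails' code and not code from either commenter. `SafeHtml`, `render_comment` and the sample input are hypothetical names constructed for this example, and Rails' `sanitize` (allowlist filtering) is not modelled.

```ruby
require "erb"

# Simplified model of the idea behind Rails' escape-by-default output:
# a String subclass that marks itself as trusted HTML and escapes any
# unmarked string appended to it. Not Rails' implementation.
class SafeHtml < String
  def html_safe?
    true
  end

  # Pass marked strings through; HTML-escape everything else.
  def self.escape(value)
    return value if value.is_a?(SafeHtml)
    new(ERB::Util.html_escape(value.to_s))
  end

  # Appending is where the escaping happens, as with <%= %> in a view.
  def <<(value)
    super(SafeHtml.escape(value))
  end
end

# Hypothetical view: template literals are trusted, parameters are not.
def render_comment(author, body)
  out = SafeHtml.new("")
  out << SafeHtml.new("<p class=\"comment\"><b>")
  out << author
  out << SafeHtml.new("</b>: ")
  out << body
  out << SafeHtml.new("</p>")
end

# Constructed sample input standing in for a user-submitted comment body.
USER_INPUT = "<script>alert(1)</script>"

# Default path: the body is a regular string, so it is escaped.
ESCAPED = render_comment("mallory", USER_INPUT)
# Marking user input as safe (the raw/html_safe mistake) emits it verbatim.
MARKED = render_comment("mallory", SafeHtml.new(USER_INPUT))

puts ESCAPED
puts MARKED
```

When reviewing a Rails code base, calls to `raw` and `html_safe` on values that originate from request data are the places where this default is switched off.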