by jeremyjh 1119 days ago
Untrusted input has to be escaped before injecting it into an HTML document, or else there is a script injection vulnerability when text from one user is executed as script in another user's browser. Good templating systems eliminate this possibility through parameter systems, but maybe those are still considered string templating systems?
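As an added illustration of the escaping point in the comment above (example code, not part of the original comment or any project it mentions): the raw interpolation that creates the vulnerability, beside a small tagged template whose interpolated parameters are always HTML-escaped. The `html` tag, `escapeHtml`, and the sample input are all constructed for this example.

```javascript
// Added example (not from the comment above): contrast raw string interpolation
// with a tagged template that escapes every interpolated value, so untrusted
// text is rendered as text rather than as markup.

// Minimal HTML escaper for text-node and quoted-attribute contexts only.
// The ampersand must be replaced first so already-escaped output is not double-escaped.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Unsafe: untrusted input spliced straight into markup (the vulnerable pattern).
function renderUnsafe(userName) {
  return `<p>Hello, ${userName}!</p>`;
}

// Safe: a tagged template literal that escapes every interpolated value.
// The literal parts of the template are author-controlled and pass through
// unchanged; only the ${...} parameters (the "parameter system") are escaped.
function html(strings, ...values) {
  return strings.reduce(
    (out, literal, i) =>
      out + literal + (i < values.length ? escapeHtml(values[i]) : ""),
    ""
  );
}

function renderSafe(userName) {
  return html`<p>Hello, ${userName}!</p>`;
}

// Constructed sample input of the kind a stored-XSS regression test would use;
// it is data here and is never executed.
const CONSTRUCTED_INPUT = "<script>alert(1)</script>";

// Detection helper: does the rendered markup still contain a raw <script> tag?
function containsRawScriptTag(markup) {
  return /<script\b/i.test(markup);
}

// Demonstration when run directly.
console.log("unsafe:", renderUnsafe(CONSTRUCTED_INPUT));
console.log("safe:  ", renderSafe(CONSTRUCTED_INPUT));
```

The escaper above is correct only for element text and double-quoted attribute values; a value placed inside a URL, a `<script>` block, an event-handler attribute, or a CSS context needs that context's own encoding, which is why context-aware template engines that know where each parameter lands are preferable to a single global escape.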