by foota
703 days ago
It's buried a bit in the article, but if you have to sanitize input to allow only some kinds of inputs (e.g., specific tags), you should really be parsing it fully to an AST and then acting on that (or using a library doing the same) since otherwise you're going to be subject to all sorts of pain.

https://lexi-lambda.github.io/blog/2019/11/05/parse-don-t-va...
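
An added illustration of the parse-then-act approach described in the comment above, not part of the original comment: it builds a tree with Python's standard-library `html.parser` and writes output only from that tree, so anything not on the allowlist never reaches the result. The allowlist, scheme list and the names `TreeBuilder`, `render` and `sanitize` are assumptions chosen for the example.

```python
from html import escape
from html.parser import HTMLParser
# Constructed policy (an assumption, not from the comment); every allowed attribute is a URL.
ALLOWED = {"b": set(), "i": set(), "p": set(), "a": {"href"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")
DROP_WITH_CONTENT = {"script", "style"}
class Node:
    def __init__(self, tag=None, attrs=(), text=None):
        self.tag, self.attrs, self.text, self.children = tag, attrs, text, []
class TreeBuilder(HTMLParser):
    """Builds a tree from the markup; no output exists until it is walked."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.root = Node()
        self.stack = [self.root]
    def handle_starttag(self, tag, attrs):
        node = Node(tag, attrs)
        self.stack[-1].children.append(node)
        self.stack.append(node)
    def handle_startendtag(self, tag, attrs):
        self.stack[-1].children.append(Node(tag, attrs))
    def handle_endtag(self, tag):
        # Close back to the nearest matching open element; ignore stray end tags.
        for i in range(len(self.stack) - 1, 0, -1):
            if self.stack[i].tag == tag:
                del self.stack[i:]
                break
    def handle_data(self, data):
        self.stack[-1].children.append(Node(text=data))

def render(node):
    """Serialize from the tree: only allowlisted tags/attributes are ever written."""
    if node.text is not None:
        return escape(node.text)
    if node.tag in DROP_WITH_CONTENT:
        return ""
    inner = "".join(render(child) for child in node.children)
    if node.tag not in ALLOWED:  # root (None) and unknown tags: keep text only
        return inner
    attrs = "".join(
        f' {k}="{escape(v.strip())}"' for k, v in node.attrs
        if k in ALLOWED[node.tag] and v and v.strip().lower().startswith(SAFE_SCHEMES))
    return f"<{node.tag}{attrs}>{inner}</{node.tag}>"

def sanitize(markup):
    builder = TreeBuilder()
    builder.feed(markup)
    builder.close()
    return render(builder.root)
```

`html.parser` does not follow the HTML5 tree-construction rules browsers use, so a deployed sanitizer would rely on a maintained library that does.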