by xxs
707 days ago
I have never sanitized any input, full respect to whatever text there is. It's simple - html/xml/javascript/json/url is not text. You render it with whatever tools you have to - and those tools happen not to be concat. You render xml - use DOM, xslt, etc. html - same story, use whatever templating engine you wish. json - use your own model and render it to json. SQL - prepared statements.
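The rule the comment describes, as an added Python example (not the commenter's code): one constructed untrusted string is rendered into HTML, XML, JSON and a SQL query, each by that format's own tool rather than by string concatenation, and it survives every round trip as plain text. The table, column names and sample rows are assumptions made up for the demo.

```python
import html
import json
import sqlite3
import xml.etree.ElementTree as ET

# Constructed untrusted input: markup-looking characters, a quote, an SQL fragment.
# It is treated as text everywhere below; it never becomes part of any syntax.
UNTRUSTED = "Tom & Jerry's <script>alert(1)</script> ' OR '1'='1"


def render_html(title: str) -> str:
    """The escaper is the rendering tool; the f-string only joins already-safe pieces."""
    return f"<h1>{html.escape(title, quote=True)}</h1>"


def render_xml(title: str) -> str:
    """Build a DOM and serialise it; the serialiser decides how text is encoded."""
    root = ET.Element("doc")
    ET.SubElement(root, "title").text = title
    return ET.tostring(root, encoding="unicode")


def render_json(title: str) -> str:
    """Render a model (a dict) to JSON; json.dumps handles quoting."""
    return json.dumps({"title": title})


def demo_db() -> sqlite3.Connection:
    """Assumed schema for the demo: an in-memory users table with two rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), (UNTRUSTED,)])
    return conn


def lookup_user(conn: sqlite3.Connection, name: str) -> list:
    """Prepared statement: the name is bound as a value, so quotes in it cannot
    change the query. Only a row whose name equals the string exactly matches."""
    cur = conn.execute("SELECT id FROM users WHERE name = ?", (name,))
    return [row[0] for row in cur.fetchall()]


if __name__ == "__main__":
    print(render_html(UNTRUSTED))
    print(render_xml(UNTRUSTED))
    print(render_json(UNTRUSTED))
    print(lookup_user(demo_db(), "' OR '1'='1"))  # [] : treated as data, not SQL
```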