Not trying to be snarky, but if the goal was to show why you shouldn't do something like this, you've succeeded.
Would you consider rewriting something like this in Rust or Go, and doing a comparison? I think you would have found things to combat XSS in either of those languages (safe templating), would be interested to see the differences... And if any of those languages deliver on their promise to be safer than C.