It's not a poor example, and it's not about sending the document without tags. I... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

defen on Sept 16, 2011 | parent | context | favorite | on: Break Google

It's not a poor example, and it's not about sending the document without tags. It's about whether special characters should be escaped, and the answer depends on the Content-Type that the client requested.

Peaker on Sept 17, 2011 [–]

A framework could use static types to tag whether it is escaped or not.

Then, the framework could map different kinds of requests (e.g: raw content vs. html content) to different types.

Then, the only way to convert between the types are functions that do proper escaping.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact