

Building a Web Server in Go: Database Accesses - lettergram
http://austingwalters.com/building-a-web-server-in-go-database-accesses/

======
st3fan
Your example is vulnerable to a persistent cross-site scripting attack. Since
there is no input validation in the bookHandler and no output sanitization in
the last snippet, an attacker can insert books with for example a script in
the title and then use that to take control of the session when the book title
is rendered.

I know it blurs examples to include that nasty security stuff, but the state
of web app security in general is pretty bad. I think the world needs good
examples that show how to prevent these basic attacks.
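The rendering problem the comment describes, shown as an added Go example that is not code from the article or from the commenter: a title stored through a handler is interpolated raw into HTML, beside the `html/template` form that escapes it. The `Book` type, the constructed `sampleBooks` data and the `RenderUnsafe`/`RenderSafe` names are assumptions; the article's own bookHandler is not reproduced.

```go
package main

import (
	"fmt"
	"html/template"
	"strings"
)

// Book mirrors the record the article's bookHandler stores; Title is user input.
type Book struct{ Title string }

// Constructed sample data: the second title carries a stored script payload.
var sampleBooks = []Book{
	{Title: "The Go Programming Language"},
	{Title: "<script>alert(1)</script>"},
}

// RenderUnsafe interpolates the stored title straight into the HTML, so a
// stored script tag is emitted verbatim and runs in every reader's browser.
func RenderUnsafe(books []Book) string {
	var sb strings.Builder
	sb.WriteString("<ul>")
	for _, b := range books {
		fmt.Fprintf(&sb, "<li>%s</li>", b.Title)
	}
	sb.WriteString("</ul>")
	return sb.String()
}

// bookList uses html/template, which escapes {{.Title}} for its HTML context,
// so the same stored payload is rendered as inert text.
var bookList = template.Must(template.New("books").Parse(
	`<ul>{{range .}}<li>{{.Title}}</li>{{end}}</ul>`))

// RenderSafe is the drop-in replacement: same data, escaped output.
func RenderSafe(books []Book) (string, error) {
	var sb strings.Builder
	err := bookList.Execute(&sb, books)
	return sb.String(), err
}

func main() {
	safe, _ := RenderSafe(sampleBooks)
	fmt.Println("fmt.Fprintf:  ", RenderUnsafe(sampleBooks))
	fmt.Println("html/template:", safe)
}
```

Escaping at output time is the fix that holds regardless of what reached the database; input validation on the handler is a separate, additional layer.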

