
Yeah, that is how I expect a templating system to work. The one in Rails (modified ERB) works in the same way. It has a SafeBuffer (name taken from memory) class which is a subclass of String. Strings can be converted into the safe class either by escaping or through unsafe conversion, which means that we say the string is safe.
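To make the mechanism the comment describes concrete, here is an added, self-contained Ruby sketch of a SafeBuffer-style string class. It is not the commenter's code and not Rails' actual implementation; the class name `SafeBuffer`, the `html_safe`/`html_safe?` helpers and the `render_comment` template function are all assumptions made for this illustration, and the sample inputs are constructed. The point it shows is the two routes into the safe type: escaping (the default when plain String values are appended) and the explicit unsafe conversion (`html_safe`), where the caller asserts the markup is already trusted.

```ruby
require 'cgi'

# Hypothetical minimal model of the SafeBuffer idea (not Rails' real code).
# A SafeBuffer is a String whose contents are known to be safe HTML.
# Appending a plain String escapes it; appending another SafeBuffer trusts it.
class SafeBuffer < String
  def html_safe?
    true
  end

  # Concatenation is the choke point: untrusted input can only enter escaped.
  # Non-String arguments are stringified first, then treated as untrusted.
  def concat(other)
    if other.respond_to?(:html_safe?) && other.html_safe?
      super(other.to_s)
    else
      super(CGI.escapeHTML(other.to_s))
    end
  end
  alias << concat

  # `+` keeps the result a SafeBuffer so safety is not lost by accident.
  def +(other)
    dup.concat(other)
  end
end

class String
  # Ordinary strings are untrusted by default.
  def html_safe?
    false
  end

  # The "unsafe conversion": the caller vouches that this is already safe HTML.
  # This is the call that deserves scrutiny in code review.
  def html_safe
    SafeBuffer.new(self)
  end
end

# A tiny stand-in for an auto-escaping template: the fixed markup is marked
# trusted, every interpolated value goes through SafeBuffer#concat.
def render_comment(author, body)
  buf = SafeBuffer.new('<p>')
  buf << author
  buf << ': '.html_safe
  buf << body
  buf << '</p>'.html_safe
  buf
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: an untrusted display name and body.
  puts render_comment('<b>mallory</b>', 'Hi <script>alert(1)</script>')
  # Same author value, but explicitly vouched for as safe markup.
  puts render_comment('<b>alice</b>'.html_safe, 'Hello & welcome')
end
```

Run it directly to see the two outputs: in the first the tags in both values arrive as `&lt;...&gt;` entities, in the second only the body is escaped because the author string was explicitly converted with `html_safe`. The practical lesson is that a grep for `html_safe` (or `raw` in real Rails views) enumerates exactly the places where escaping was deliberately bypassed.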


It's tricky. Note the activity this week around getting XSS protection right:

http://weblog.rubyonrails.org/

I'm not that familiar with lift and Yesod, but it seems like they're both able to use compile-time checks as additional layers of protection.

https://github.com/dpp/liftweb/wiki/lifts-security



