> > clojars uses > https://github.com/ato/clojars-web/blob/master/src/clojars/web/safe_hiccup.clj > > which automatically escapes.
But that double escapes attribute values if you don't put them in raw-calls. On Monday, September 2, 2013 6:32:59 AM UTC+2, Ivan Kozik wrote: > > On Sun, Sep 1, 2013 at 7:06 PM, Vincent Ambo <taz...@gmail.com<javascript:>> > wrote: > > * How and where do we prevent XSS attacks? Do we have templating engines > > that escape things unless told otherwise, or - if not - do these > features > > exist in the form of a helper function? If yes, where? (And so on...) > > clojars uses > https://github.com/ato/clojars-web/blob/master/src/clojars/web/safe_hiccup.clj > > which automatically escapes. > > Ivan > -- -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
