Hello,

Django provides great protection from XSS by escaping output to webpages, but it only does it in HTML context. XSS can be executed when user input is inserted into JavaScript or CSS, which have different contexts and rules than HTML, so HTML context escaping doesn't help/protect.
Is there any remote chance of Django escaping extending to other contexts besides HTML?
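The context gap described in the post above, as an added example that is not part of the original message and is not Django's own code: it uses only the Python standard library to compare HTML-only escaping with JavaScript-then-HTML escaping for a value placed inside an `onclick` handler. The names `greet` and `probe` and the sample input are constructed for illustration.

```python
import html
import json

def html_escape(value):
    # HTML-context escaping of & < > " ' (what HTML auto-escaping covers).
    return html.escape(value, quote=True)

def js_literal(value):
    # JavaScript-context escaping: a quoted string literal, with < > & written
    # as \uXXXX so the text cannot close a <script> block or form an entity.
    out = json.dumps(value)
    for ch in "<>&":
        out = out.replace(ch, "\\u%04X" % ord(ch))
    return out

def handler_html_only(value):
    # Template: onclick="greet('VALUE')" with VALUE HTML-escaped only.
    attribute = "greet('%s')" % html_escape(value)
    # The HTML parser decodes character references in attribute values
    # before the handler is compiled, so this is the JS that actually runs.
    return html.unescape(attribute)

def handler_js_then_html(value):
    # Escape for the inner context (JS) first, then the outer one (HTML).
    attribute = "greet(%s)" % html_escape(js_literal(value))
    return html.unescape(attribute)

if __name__ == "__main__":
    sample = "x'); probe(); ('"          # constructed input
    print(handler_html_only(sample))      # quote survives, statement injected
    print(handler_js_then_html(sample))   # value stays inside one string
    print(html_escape("probe()"))         # nothing for HTML escaping to change
    print(js_literal("</script>"))        # cannot terminate a script block
```

The third case is the unquoted one: a value with no HTML-special characters passes through HTML escaping unchanged, so it needs JavaScript-context encoding or validation instead.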
