On Sat, Sep 11, 2021 at 07:28:43PM +0200, Tomas Hlavaty wrote:
> On Sat 11 Sep 2021 at 18:11, Jean-Christophe Helary 
> <li...@traduction-libre.org> wrote:
> >    (prin "<" C D " id=\"h" D "-" E "\">")
> > which would give us:
> > <h2 id="h2-My heading">My heading</h2>
> 
> What if the value of E is something like
> 
>    "><script>alert('xss');</script>

In final code this would be written as (ht:Prin E)

☺/ A!ex
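
The difference between the quoted `prin` form and the `ht:Prin` form from the reply, as an added example that is not code from the thread. The function names `headingRaw` and `headingEscaped` and the sample inputs are constructed, and it assumes a PicoLisp installation with the `ht` library available.

```picolisp
# Added example. C, D and E follow the quoted snippet; the function names
# and the sample values are constructed for illustration.

# Unescaped: E goes into the attribute and the element body as-is, so a
# double quote in E ends the id attribute and the rest is parsed as markup.
(de headingRaw (C D E)
   (prin "<" C D " id=\"h" D "-" E "\">")
   (prin E)
   (prinl "</" C D ">") )

# Escaped: ht:Prin prints E with HTML special characters encoded, so a
# double quote or angle bracket in E stays inside the attribute value
# and inside the element text.
(de headingEscaped (C D E)
   (prin "<" C D " id=\"h" D "-")
   (ht:Prin E)
   (prin "\">")
   (ht:Prin E)
   (prinl "</" C D ">") )

# Print both forms for a plain heading and for the value quoted above.
(for E '("My heading" "\"><script>alert('xss');</script>")
   (headingRaw "h" 2 E)
   (headingEscaped "h" 2 E) )
```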
