I'd really appreciate hearing what other Sitebricks users do for XSS prevention and if there is a way to ensure HTML escaping of all data inserted into HTML templates except when you explicitly want to output raw text.

IMHO it would have been a huge security boost if all ${value} were HTML escaped by Sitebricks by default, and if something like @RawText() were required to output raw text.