Comments on: The Wrong Defaults http://happygiraffe.net/blog/2005/11/26/the-wrong-defaults/ Tue, 16 Feb 2010 16:00:50 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: dom http://happygiraffe.net/blog/2005/11/26/the-wrong-defaults/comment-page-1/#comment-1039 dom Sat, 06 Jun 2009 19:11:10 +0000 tag:happygiraffe.net:Article114#comment-1039 @ejunker — WooHoo! There's hope yet! @ejunker — WooHoo! There’s hope yet!

]]> By: ejunker http://happygiraffe.net/blog/2005/11/26/the-wrong-defaults/comment-page-1/#comment-1036 ejunker Fri, 05 Jun 2009 15:29:40 +0000 tag:happygiraffe.net:Article114#comment-1036 The Python web framework Django also escapes template variables by default. The Python web framework Django also escapes template variables by default.

]]> By: dom http://happygiraffe.net/blog/2005/11/26/the-wrong-defaults/comment-page-1/#comment-1035 dom Fri, 05 Jun 2009 11:25:32 +0000 tag:happygiraffe.net:Article114#comment-1035 That's awesomely good news. Hopefully something as high-profile as Rails will cause other people to follow suite… That’s awesomely good news. Hopefully something as high-profile as Rails will cause other people to follow suite…

]]> By: Kyle http://happygiraffe.net/blog/2005/11/26/the-wrong-defaults/comment-page-1/#comment-1034 Kyle Fri, 05 Jun 2009 09:29:02 +0000 tag:happygiraffe.net:Article114#comment-1034 There's hope yet. In fact Rails 3 has this default set (all output is escaped, you must manually unescape it if you want raw output). I imagine that many frameworks will follow suit in the coming year. There’s hope yet. In fact Rails 3 has this default set (all output is escaped, you must manually unescape it if you want raw output). I imagine that many frameworks will follow suit in the coming year.

]]> By: Jabbering Giraffe - JSPs in Maven http://happygiraffe.net/blog/2005/11/26/the-wrong-defaults/comment-page-1/#comment-897 Jabbering Giraffe - JSPs in Maven Sat, 27 Dec 2008 19:50:43 +0000 tag:happygiraffe.net:Article114#comment-897 [...] like freemarker or velocity. But JSP is standard, and it’s everywhere. Despite it’s inability to be secure, it is convenient. And that’s gotta count for something [...] [...] like freemarker or velocity. But JSP is standard, and it’s everywhere. Despite it’s inability to be secure, it is convenient. And that’s gotta count for something [...]

]]>