Comments on: The Wrong Defaults http://happygiraffe.net/blog/2005/11/26/the-wrong-defaults/ Sat, 10 Dec 2011 22:23:35 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: dom http://happygiraffe.net/blog/2005/11/26/the-wrong-defaults/#comment-26 dom Sat, 06 Jun 2009 19:11:10 +0000 http://happygiraffe.net/2005/11/26/the-wrong-defaults/#comment-26 @ejunker — WooHoo! There's hope yet! @ejunker — WooHoo! There’s hope yet!

]]> By: ejunker http://happygiraffe.net/blog/2005/11/26/the-wrong-defaults/#comment-25 ejunker Fri, 05 Jun 2009 15:29:40 +0000 http://happygiraffe.net/2005/11/26/the-wrong-defaults/#comment-25 The Python web framework Django also escapes template variables by default. The Python web framework Django also escapes template variables by default.

]]> By: dom http://happygiraffe.net/blog/2005/11/26/the-wrong-defaults/#comment-24 dom Fri, 05 Jun 2009 11:25:32 +0000 http://happygiraffe.net/2005/11/26/the-wrong-defaults/#comment-24 That's awesomely good news. Hopefully something as high-profile as Rails will cause other people to follow suite… That’s awesomely good news. Hopefully something as high-profile as Rails will cause other people to follow suite…

]]> By: Kyle http://happygiraffe.net/blog/2005/11/26/the-wrong-defaults/#comment-23 Kyle Fri, 05 Jun 2009 09:29:02 +0000 http://happygiraffe.net/2005/11/26/the-wrong-defaults/#comment-23 There's hope yet. In fact Rails 3 has this default set (all output is escaped, you must manually unescape it if you want raw output). I imagine that many frameworks will follow suit in the coming year. There’s hope yet. In fact Rails 3 has this default set (all output is escaped, you must manually unescape it if you want raw output). I imagine that many frameworks will follow suit in the coming year.

]]> By: Jabbering Giraffe - JSPs in Maven http://happygiraffe.net/blog/2005/11/26/the-wrong-defaults/#comment-22 Jabbering Giraffe - JSPs in Maven Sat, 27 Dec 2008 19:50:43 +0000 http://happygiraffe.net/2005/11/26/the-wrong-defaults/#comment-22 [...] like freemarker or velocity. But JSP is standard, and it’s everywhere. Despite it’s inability to be secure, it is convenient. And that’s gotta count for something [...] [...] like freemarker or velocity. But JSP is standard, and it’s everywhere. Despite it’s inability to be secure, it is convenient. And that’s gotta count for something [...]

]]>