- From: Aryeh Gregor <Simetrical+w3c@gmail.com>
- Date: Thu, 26 Aug 2010 16:10:49 -0400
On Thu, Aug 26, 2010 at 5:58 AM, Julian Reschke <julian.reschke at gmx.de> wrote: > Not convinced. There's already one way to escape these things, and this is > supported in all UAs. Adam gave two examples of cases where htmlspecialchars() is insufficient, even if authors do use it. This proposal is completely general and will work anywhere, even in <script>. Is automated general escaping even possible right now in <script> for text/html?
Received on Thursday, 26 August 2010 13:10:49 UTC