I'll admit that HTML escaping tag was probably a bad example. It was just for show, nothing more, and obviously I wouldn't recommend it for production.
On Thu, Dec 13, 2018 at 14:00 Mark Miller <[email protected]> wrote: > As a completely separate point, this way of escaping html is not context > sensitive, and likely horribly unsafe. Much of the motivation for template > literals in the first place is to support context sensitive escaping, where > the escaping of the x data in > > ```js > safeHTML`....${x}....` > ``` > > depends on where in the html parsing of the literal parts it is > encountered. See the work of Mike Samuel (cc'ed). >
_______________________________________________ es-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es-discuss
