Understood, but if I insert a string into a database that looks like this:

  <script>alert("yoov bin acked")</script>

And that's my username, if it's naively inserted inside some HTML it'll look like HTML to a browser.

So I was wondering if this framework auto-HTML-escapes strings inserted into places where text can go.
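As an added example (not part of the comment above or of any particular framework), this is the escaping the commenter is asking about, done with Python's standard-library `html.escape`. It renders the commenter's own constructed username both the naive way and the escaped way, so the difference is visible, and shows the caveat that text-node escaping only protects attribute values when the attribute is quoted. The `render_*` function names and the `<p>` template are assumptions made for the illustration.

```python
import html

# Constructed sample input: the username from the comment above.
CONSTRUCTED_USERNAME = '<script>alert("yoov bin acked")</script>'


def escape_for_html_text(value: str) -> str:
    """Escape a string so it is rendered as literal text inside an HTML
    text node. quote=True also escapes " and ' so the same function is
    safe inside a *quoted* attribute value."""
    return html.escape(value, quote=True)


def render_greeting_naive(username: str) -> str:
    """Vulnerable form: raw string interpolation into HTML.
    Whatever the user typed becomes markup."""
    return f"<p>Welcome, {username}!</p>"


def render_greeting_escaped(username: str) -> str:
    """Hardened form: the username is escaped before it is placed in a
    text node, so the browser shows the angle brackets instead of
    executing a script element."""
    return f"<p>Welcome, {escape_for_html_text(username)}!</p>"


def render_link_quoted_attr(username: str) -> str:
    """Escaping is sufficient in an attribute only when the attribute
    value is quoted; html.escape turns the quote characters into
    entities so the value cannot close the attribute early."""
    return f'<a href="/users/{escape_for_html_text(username)}">profile</a>'


def contains_live_script(rendered: str) -> bool:
    """Crude check used here to illustrate the point: is there a real
    <script element in the output, as opposed to an escaped &lt;script?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print("naive:  ", render_greeting_naive(CONSTRUCTED_USERNAME))
    print("escaped:", render_greeting_escaped(CONSTRUCTED_USERNAME))
    print("attr:   ", render_link_quoted_attr(CONSTRUCTED_USERNAME))
```

Frameworks that "auto-escape" apply the equivalent of `escape_for_html_text` to every interpolated value by default and require an explicit opt-out for trusted markup; the check worth making in any given framework is whether that default is on and which contexts (text, quoted attribute, URL, JavaScript) it actually covers, since a text-node escaper is not enough for unquoted attributes or script blocks.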