I agree with you that an automatic default implementation is far better than lea... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ngneer on May 26, 2023 \| parent \| context \| favorite \| on: That people produce HTML with string templates is ... I agree with you that an automatic default implementation is far better than leaving it to a human. I also agree with your examples on where and when it could be done. Lamentably, security is not free. Input sanitization is required because programs exhibit data-dependent behavior (which is what makes them useful), that can cause them to do weird things when working with weird data. We mostly tend to "forget" to ensure our programs exhibit "correct" behavior for all data, but sadly no one else can do it for us.

lelanthran on May 26, 2023 [–]

To be honest, I rarely forget about security, but I don't want to have to remember.

What I want is to have my runtime/framework/language drop me into the pit of success (a popular phrase, might even have it's own Wikipedia page)

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact