Simon Willison’s Weblog

15th April 2007 - Link Blog

Most HTML templating languages are written incorrectly. “If you ever find yourself in the position of designing an html template language, please make the default behavior when including variables be to HTML-escape them.” I couldn’t agree more.

Posted 15th April 2007 at 8:28 pm

Recent articles

Writing about Agentic Engineering Patterns - 23rd February 2026
Adding TILs, releases, museums, tools and research to my blog - 20th February 2026
Two new Showboat tools: Chartroom and datasette-showboat - 17th February 2026

This is a link post by Simon Willison, posted on 15th April 2007.

daniel-martin 1 security 575 templating 7 xss 60

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe