Most HTML templating languages are written incorrectly. “If you ever find yourself in the position of designing an html template language, please make the default behavior when including variables be to HTML-escape them.” I couldn’t agree more.
Recent articles
- My Lethal Trifecta talk at the Bay Area AI Security Meetup - 9th August 2025
- The surprise deprecation of GPT-4o for ChatGPT consumers - 8th August 2025
- GPT-5: Key characteristics, pricing and model card - 7th August 2025