Simon Willison’s Weblog

18th December 2021

None

TIL Safely outputting JSON — Carelessly including the output of `json.dumps()` in an HTML page can lead to an XSS hole, thanks to the following:

Posted 18th December 2021 at 1:06 am

Recent articles

Claude Opus 4.8: "a modest but tangible improvement" - 28th May 2026
I think Anthropic and OpenAI have found product-market fit - 27th May 2026
Notes on Pope Leo XIV's encyclical on AI - 25th May 2026

This is a beat by Simon Willison, posted on 18th December 2021.

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe