Reducing XSS by way of Automatic Context-Aware Escaping in Template Systems
Blog de Simon Willison Posted on April 14, 2009
Reducing XSS by way of Automatic Context-Aware Escaping in Template Systems (via). The Google Online Security Blog reminds us that simply HTML-escaping everything isn’t enough—the type of escaping needed depends on the current markup context, for example variables inside JavaScript blocks should be escaped differently. Google’s open source Ctemplate library uses an HTML parser to keep track ...
django-gae2django
Blog de Simon Willison Posted on March 9, 2009
django-gae2django. An implementation of the Google App Engine API (datastore, memcache, urlfetch, users and mail) that runs on Django, allowing you to take an existing application written for App Engine and deploy it on your own server on top of Django.
YouTube: djangocon tag
Blog de Simon Willison Posted on September 16, 2008
YouTube: djangocon tag. Google have started posting videos of presentations at DjangoCon on YouTube.
DjangoCon and PyCon UK
Blog de Simon Willison Posted on September 15, 2008
September is a big month for conferences. DjangoCon was a weekend ago in Mountain View (forcing me to miss both d.Construct and BarCamp Brighton), PyCon UK was this weekend in Birmingham, I’m writing this from @media Ajax and BarCamp London 5 is coming up over another weekend at the end of this month. As always, I’ve been ...
Primeras impresiones en Google Plex
Blog Yaco Posted on September 6, 2008
En resumen, al llegar a GooglePlex, la primera impresión me resulta que es como una especie de Yaco pero de dimensiones extraordinarias, y con mucho dinero para invertir en el bienestar de los trabajadores, y en mantener un tono freaky en todo esto.
En principio, todo está muy colorido (sillas de distintos colores en las salas de conferencia, una de ...
