Mike Samuel of the Google Caja team (and much more) has a fantastically detailed document on the choices for secure String interpolation in JavaScript. He spends a lot of time discussing: Cataloging the most common vulnerabilities Various alternatives such as templating, DOM manipulation, and tainting Goals and Non-Goals Design and Implementation Benchmarking the choices There are a large number of examples a […]

More: continued here