Safe Defaults Important

I finally had a little time over last weekend to continue working on horsetrailratings.com, starting to incorporate some feedback from JJ, who was kind enough to do a code review of my little application and fill me in on some of the best practices in the (Python) web application space. Embarrassingly, I had one more database relation backwards that JJ noticed. I also upgraded to SQLAlchemy 0.4.3, and while I was in database land I expanded the schema to accept photo submissions, among other changes.

Today I attacked the Mako templates, putting in nice “CSS Star Ratings” for trail difficulty and rating. There is still some more work to do to make things pretty, but one thing at a time. Unfortunately it seems JavaScript is required, so I ended up putting in alternate noscript versions as well, which are just text fields.

Now we finally get to the title of this post. As I went through all the user-submitted strings and made sure they are HTML escaped, I started wondering why I have to remember to do this. It seems it would be much better if things were escaped by default. That way, if you really wanted unescaped sources, you would have to tell the system this is what you really want (hopefully making you think about what you are doing and ensuring that you do things in a safe way, by filtering for example).
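The escape-by-default idea above, as an added example that is not code from horsetrailratings.com: a minimal `${name}` renderer that HTML-escapes every value unless the template author opts out with `${name | n}` or wraps a pre-sanitized fragment in a `Markup` type. The `Markup` class, `render` function and the sample review are constructed for this illustration; Mako itself offers the same behaviour through `default_filters=['h']` on the lookup, with `${expr | n}` disabling the default filters.

```python
import html
import re


class Markup(str):
    """A string the developer has explicitly vouched for as safe HTML.
    Escaping is skipped only for values of this type, so the unsafe path
    has to be chosen deliberately at the call site."""
    __slots__ = ()


def escape(value):
    """Escape-by-default: anything that is not explicitly Markup is escaped."""
    if isinstance(value, Markup):
        return str(value)
    return html.escape(str(value), quote=True)


# ${name} or ${name | filter}; only the 'n' (no-escape) filter is understood.
_EXPR = re.compile(r"\$\{\s*(\w+)\s*(?:\|\s*(\w+)\s*)?\}")


def render(template, **context):
    """Render a tiny template. Plain ${name} always escapes; ${name | n}
    opts out of escaping (same spelling as Mako's 'n' filter)."""
    def substitute(match):
        name, flt = match.group(1), match.group(2)
        value = context[name]
        if flt == "n":
            return str(value)
        return escape(value)
    return _EXPR.sub(substitute, template)


# Constructed sample input: a trail review containing markup the user typed.
REVIEW = '<script>alert("xss")</script> Great trail!'
TEMPLATE = '<p class="review">${review}</p>'


def demo():
    """Return the escaped review and a page with an explicitly trusted fragment."""
    escaped_review = render(TEMPLATE, review=REVIEW)
    # A fragment the application generated itself (not user input) may be
    # passed through untouched by wrapping it in Markup.
    stars = Markup('<span class="stars">&#9733;&#9733;&#9733;</span>')
    with_stars = render('<div>${stars}</div>', stars=stars)
    return escaped_review, with_stars
```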
