Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
jwilk
on Sept 2, 2017
|
parent
|
context
|
favorite
| on:
The Grave Accent and XSS
You should put quotes around the attribute value.
Then you won't need to escape =.
extrapickles
on Sept 3, 2017
[–]
The issue is when a developer forgets to do so. No reason to not escape it.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
Then you won't need to escape =.