  1. To embed JS code literally in <script>: replace < with \x3C in the sequences </ and <!--.
  2. To interpolate as text inside an HTML element:
    • Replace & with &amp; first, and then
    • Replace < with &#x3c;.
    The same applies when interpolating text in <title>;
    Keyword: RCDATA state.
  3. To interpolate into an attribute value: additionally replace " with &#x22; or ' with &#x27;, depending on which type of quotation marks surrounds the value.

    Avoid unquoted user input (harder to escape)!
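
The three rules above as small functions, as an added example that is not part of the original note. The function names and sample strings are constructed, and rule 1 assumes that </ and <!-- occur only inside JS string literals (true for JSON.stringify output), where \x3C is a valid escape.

```javascript
// Added example; helper names and sample strings are constructed.

// Rule 1: JS source embedded literally in <script>. Assumes every "</" and
// "<!--" in the source sits inside a string literal, where \x3C is valid.
function escapeForScript(js) {
  return js.replace(/<(?=\/|!--)/g, "\\x3C");
}

// Rule 2: text in element content or RCDATA (<title>): & first, then <.
function escapeText(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&#x3c;");
}

// Same replacements in the wrong order: the & of each freshly written
// &#x3c; is escaped again, so the reader sees a literal "&#x3c;".
function escapeTextWrongOrder(s) {
  return s.replace(/</g, "&#x3c;").replace(/&/g, "&amp;");
}

// Rule 3: quoted attribute value: rule 2 plus the quote character in use.
// Unquoted values are refused rather than escaped.
function escapeAttr(s, quote) {
  if (quote !== '"' && quote !== "'") {
    throw new Error("attribute value must be quoted with \" or '");
  }
  const ref = quote === '"' ? "&#x22;" : "&#x27;";
  return escapeText(s).split(quote).join(ref);
}

// Builds a page from constructed untrusted inputs using all three rules.
function renderPage(title, nick, data) {
  const json = escapeForScript(JSON.stringify(data));
  return [
    `<title>${escapeText(title)}</title>`,
    `<input name="nick" value="${escapeAttr(nick, '"')}">`,
    `<script>var data = ${json};</script>`,
  ].join("\n");
}

console.log(renderPage("</title><b>", '" autofocus x="', { note: "</script><!--" }));
```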

Notions

  • Indispensable in any HTML framework, frontend- or backend-oriented
  • Hard to do correctly if you are not a web pwner

References