I’m : a programmer, writer, podcaster, geek, and coffee enthusiast.


I propose swapping the default behavior. Any time a variable is output, it should automatically escape any HTML. If I really do want the site to render the submitted HTML, I have to explicitly tell it to.

This is actually how XSL output works. It’s a nice luxury.