On Sat, Sep 11, 2021 at 07:28:43PM +0200, Tomas Hlavaty wrote: > On Sat 11 Sep 2021 at 18:11, Jean-Christophe Helary > <[email protected]> wrote: > > (prin "<" C D " id=\"h" D "-" E "\">") > > which would give us: > > <h2 id="h2-My heading">My heading</h2> > > What if the value of E is something like > > "><script>alert('xss');</script>
In final code this would be written as (ht:Prin E) ☺/ A!ex -- UNSUBSCRIBE: mailto:[email protected]?subject=Unsubscribe
