Some time ago I wrote on cross-site scripting and proper escaping in EJS templates. I expanded the topic and presented on it today at the Salt Lake City Front End Users Group + Donuts.js. Here I stripped out the getting-to-know-you slides and uploaded it to SlideShare.
The examples are in EJS but the ideas are universal. Hopefully, this is one step closer to a perfect presentation on the subject. The topic can be tricky even though the solution is simple. There are just so many attractive wrong ways to do it.
The presentation has several GIFs in it that really just add some fun. You can get all the meat by viewing the slideshow online. Or download it and have a laugh. (Check out the presenter notes if you do download it.)
[slideshare id=51826602&doc=mjs-escaping-xss-150819194107-lva1-app6891]