Template auto-escaping
My friend and colleague Jad Boutros has blogged about some of the great work he and his team have done in implementing automatic escaping in web template systems. This work is really valuable because of the huge prevalence of XSS vulnerabilities in web applications. Under the current status quo, developers must manually ensure correct escaping for each string inserted into a web template; auto-escaping improves on this by making XSS mistakes hard to make, and it is in fact an easier environment for developers and web designers, since they no longer need to worry about escaping themselves.
Auto-escaping has been implemented in the Google CTemplate templating system and is coming soon for Clearsilver. Go check it out!
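As an added illustration (example code written for this post, not CTemplate's or Clearsilver's implementation), a minimal Python renderer contrasts the status quo of verbatim substitution with a template engine that escapes each value according to the HTML context it lands in; the `{{name}}` placeholder syntax and the URL policy are constructed for this example.

```python
import html
import re
from urllib.parse import quote

# Constructed placeholder syntax: {{name}} is replaced by data["name"].
PLACEHOLDER = re.compile(r"\{\{(\w+)\}\}")

# Matches an unclosed tag whose last attribute has just opened a quoted value,
# e.g. '<a href="' ; group 1 is that attribute's name.
OPEN_ATTR = re.compile(r'<[^>]*\s([\w-]+)\s*=\s*"[^"]*$')

URL_ATTRS = {"href", "src", "action"}


def context_before(prefix: str) -> str:
    """Classify the insertion point as 'url' (a URL-bearing attribute) or 'html'."""
    m = OPEN_ATTR.search(prefix)
    if m and m.group(1).lower() in URL_ATTRS:
        return "url"
    return "html"


def escape_for(ctx: str, value: str) -> str:
    """Escape value for the given context."""
    if ctx == "url":
        # Constructed policy: percent-encode, and allow only relative paths
        # or http(s) URLs; anything with another scheme becomes a dead link.
        encoded = quote(value, safe="/?=&:")
        first = encoded.split("/")[0]
        if ":" in first and not encoded.startswith(("http:", "https:")):
            return "#"
        return encoded
    # html.escape(quote=True) is safe for both text nodes and quoted attributes.
    return html.escape(value, quote=True)


def render_manual(template: str, data: dict) -> str:
    """Status quo: values are inserted verbatim; escaping is the developer's job."""
    return PLACEHOLDER.sub(lambda m: data[m.group(1)], template)


def render_autoescape(template: str, data: dict) -> str:
    """Auto-escaping: the renderer picks the escaper from the surrounding markup."""
    out, pos = [], 0
    for m in PLACEHOLDER.finditer(template):
        out.append(template[pos:m.start()])
        ctx = context_before("".join(out))
        out.append(escape_for(ctx, data[m.group(1)]))
        pos = m.end()
    out.append(template[pos:])
    return "".join(out)
```

The manual renderer reproduces the classic mistake (a forgotten escape for one field is enough); the auto-escaping renderer produces correct output for every placeholder without the template author doing anything.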