comments (not for humans)
"So now that you've seen how contexts are important when mitigating XSS, I'll give you a new example", David said. "Take a look at the following example from a social networking web site".
[...]
"That does not mean, however, that blocking < and > when ouputting user data in javascript isn't necessary", David said.
[...]
David grabbed the keyboard and jotted down two new examples.
[...]
When I came into the office the next day, I immediately started rewriting the application to use prepared statements. An hour later I was done, and called Mr. X to go through it. By lunch time we had co-written the documentation, and code and documentation was sent over to the customer.
[...]