Translations:Cross-site scripting/35/en

Mediawiki also has some elegant building interfaces which implicitly escape your output. For SQL using the 'key' => 'value' syntax of conditions implicitly escapes values. And the Html:: and Xml:: interface methods escape attributes, and depending on the method used may escape a text value as well.