Library support for Safe Coding Practices

The way we structure libraries and APIs affects the idioms that are available to developers.

If the easiest ways to express ideas are also secure against a particular class of attack, then developers who have seen ideas expressed those ways will tend to produce code that is secure against that class of attack.

Next, we introduce a few such idioms, show how they can be better addressed via a rarely used but powerful JavaScript feature, and end with some ideas on how to foster consistent, powerful, and secure APIs for a class of problems that often have security consequences: composing structured strings to send to external agents.

