"For larger and complex web applications, we notice two related vectors for XSS: 1. A developer forgetting to apply escaping to a given variable. 2. A developer applying the wrong escaping for that variable for the context in which it is being inserted. Considering the sheer number of templates in large web applications and the amount of untrusted content they may operate on, the process of proper escaping becomes complicated and error prone. It is also difficult to efficiently audit from a security testing perspective. We developed Auto-Escape to take that complexity away from the developer and into the template system and therefore reduce the risks of XSS that would have ensued."
- l.m.orchard
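As an added illustration that is not part of the quote and not ctemplate's own code, the constructed Python mini template engine below shows the second vector named above: it picks the escaper from the HTML context at the insertion point, and the `context_aware=False` switch reproduces "HTML-escape everything" so the difference is visible. All function names, regexes and the sample template and values are assumptions made for this demonstration.

```python
import html
import re

# Constructed mini template engine (not ctemplate's own code) that chooses the
# escaper from the HTML context at the insertion point, as Auto-Escape does.
VAR_RE = re.compile(r'\{\{(\w+)\}\}')
ATTR_RE = re.compile(r'<[^>]*\s([\w-]+)=(["\'])[^"\']*$')  # unclosed quoted attribute
SCHEME_RE = re.compile(r'^([a-z][a-z0-9+.\-]*):')
URL_ATTRS = ('href', 'src', 'action')

def context_of(prefix):
    """Context at the end of the output so far: 'url' attribute, other 'attr',
    'js' inside <script>, or plain 'html' text."""
    m = ATTR_RE.search(prefix)
    if m:
        return 'url' if m.group(1).lower() in URL_ATTRS else 'attr'
    return 'js' if prefix.rfind('<script') > prefix.rfind('</script') else 'html'

def escape_js_string(value):
    # Inside a quoted JS string: \uXXXX-escape everything but alphanumerics, so
    # quotes, backslashes, line terminators and "</script>" cannot break out.
    return ''.join(ch if ch.isalnum() else '\\u%04x' % ord(ch) for ch in value)

def escape_url_attr(value):
    # href/src/action: allow only http(s), mailto and relative URLs, then
    # attribute-escape. Whitespace and control bytes are dropped before the
    # scheme check because URL parsers ignore them (e.g. "java\tscript:").
    probe = ''.join(ch for ch in value if ord(ch) > 0x20).lower()
    m = SCHEME_RE.match(probe)
    if m and m.group(1) not in ('http', 'https', 'mailto'):
        return '#'
    return html.escape(value, quote=True)

ESCAPERS = {'html': lambda v: html.escape(v, quote=True), 'url': escape_url_attr,
            'attr': lambda v: html.escape(v, quote=True), 'js': escape_js_string}

def render(template, values, context_aware=True):
    """Expand {{name}} placeholders. With context_aware=False every value gets
    plain HTML escaping regardless of context (vector 2 in the quote)."""
    out, pos = '', 0
    for m in VAR_RE.finditer(template):
        out += template[pos:m.start()]
        ctx = context_of(out) if context_aware else 'html'
        out += ESCAPERS[ctx](values[m.group(1)])
        pos = m.end()
    return out + template[pos:]

# Constructed template and hostile sample values for the demonstration.
TEMPLATE = ('<a href="{{link}}" title="{{title}}">{{title}}</a>'
            "<script>var u = '{{title}}';</script>")
VALUES = {'link': 'javascript:alert(1)', 'title': '</script><b>hi</b>'}
```

Rendering `TEMPLATE` with `context_aware=False` leaves the `javascript:` URL in `href` untouched, because plain HTML escaping has nothing to change in it; the context-aware render replaces it with `#` and `\uXXXX`-escapes the value inside the script block.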