I am using Clojure/Ring/Compojure-0.4/Enlive stack to build a web application.
Are there functions in this stack that would either strip HTML or HTML-encode (i.e. <a> to &lt;a&gt;) user-supplied strings in order to prevent XSS attacks?
It turns out Enlive does escape HTML by default if you use net.cgrand.enlive-html/content to put text into an HTML element.
(sniptest "<p class=\"c\"></p>" [:.c] (content "<script></script>"))
"<p class=\"c\">&lt;script&gt;&lt;/script&gt;</p>"
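As an added example (not part of the original question or answer), the REPL check above extended to contrast the two Enlive transformations that matter here: content, which entity-encodes its argument, and html-content, which parses its argument as markup and emits it verbatim. Both are real Enlive functions; the sample payload is constructed, and the escape-html helper at the end is a hypothetical one written here with clojure.string/escape, not something Enlive or Ring provides.

```clojure
(ns xss-demo
  (:require [net.cgrand.enlive-html :as html]
            [clojure.string :as str]))

;; Constructed sample input: what an attacker might submit in a form field.
(def user-input "<script>alert(1)</script>")

;; The same one-element template the answer above experiments with.
(def template "<p class=\"c\"></p>")

;; `content` treats its argument as text. When Enlive emits the node it
;; entity-encodes <, > and &, so the payload is displayed, not executed.
(defn render-as-text [s]
  (html/sniptest template [:.c] (html/content s)))

;; `html-content` parses its argument as HTML and emits it unchanged.
;; This is the transformation that reintroduces XSS if it is ever handed
;; user-controlled data; reserve it for markup your own code produced.
(defn render-as-html [s]
  (html/sniptest template [:.c] (html/html-content s)))

;; Hypothetical helper for strings that never go through an Enlive
;; template (e.g. a fragment concatenated straight into a Ring response
;; body). Escapes the five characters that matter in element text and
;; quoted attribute values.
(defn escape-html [s]
  (str/escape (str s) {\& "&amp;"
                       \< "&lt;"
                       \> "&gt;"
                       \" "&quot;"
                       \' "&#39;"}))

(comment
  ;; At the REPL, compare the two renderings of the same input:
  (render-as-text user-input)
  (render-as-html user-input)
  (escape-html user-input))
```

One caveat a reviewer would add: this escaping is the right fix for text placed inside an element. A user string dropped into an href, an inline event handler, a <script> block or a CSS value needs that context's own encoding or, better, should not be placed there at all; entity-encoding alone does not make "javascript:alert(1)" safe as a link target.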