I know all the advice on the internets says that you shouldn’t develop yet another web templating language, but I haven’t found anything that matches my requirements as the author of an (open source) scriptable web app which provides plugins with a web app framework.
I have a particular thing about security, so my primary goal is to create a language in which it’s hard or impossible to make any of the common security mistakes, such as XSS. Or rather, make the easy way of doing things the secure way of doing things.
I’ve written a prototype, and would be very grateful for any thoughts on where I’m going. There are some unanswered questions, particularly around how URLs are generated with all their peculiar requirements.
Longer description in the repo README.