Autosanitization

Problem

Drupal modules suffer from a constant stream of security issues due to missing or wrong sanitization. No wonder: even for an experienced developer it is often not clear where and how to sanitize.
We show that correct sanitization has to be aware of the "context stack". We further show that this brings us to late rendering and autosanitization.

Goal

Developers should be able to declare strings and containers and then be able to rely on them being sanitized accordingly.

Proposed Solution

"Render Objects" are presented as a working proof of concept that can reach this goal.
It may be extended to a unified approach to sanitization, localization, and multiplatform rendering.
Inclusion in a theming layer overhaul is possible.
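As an added illustration of the "context stack" argument from the Problem section and of what a render object does (this is example code written for this page, not the proof of concept presented in the session and not Drupal's render API; class names are hypothetical and PHP 8 is assumed), the same declared value is escaped differently depending on whether late rendering places it in an HTML text node or in an attribute value:

```php
<?php
// Hypothetical render objects (not Drupal's API). A value is declared once as plain
// text or vouched-for markup; escaping is decided at render time from the context
// stack it lands in ('html' text node or 'attr' value).
interface Renderable {
    public function render(array $stack): string;   // $stack: innermost context last
}
// Plain text: escaped in every markup context it can land in.
final class PlainText implements Renderable {
    public function __construct(private string $text) {}
    public function render(array $stack): string {
        return htmlspecialchars($this->text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
// Markup the developer vouches for: passed through as an HTML child, but an
// attribute value cannot hold markup, so there it is escaped like plain text.
final class Markup implements Renderable {
    public function __construct(private string $html) {}
    public function render(array $stack): string {
        $context = end($stack) ?: 'html';
        return $context === 'html'
            ? $this->html
            : htmlspecialchars($this->html, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
// Container: pushes the right context before rendering attributes and children.
// Attribute names are developer-chosen literals, never user input.
final class Element implements Renderable {
    public function __construct(
        private string $tag, private array $attributes = [], private array $children = [],
    ) {}
    public function render(array $stack): string {
        $out = '<' . $this->tag;
        foreach ($this->attributes as $name => $value) {
            $out .= ' ' . $name . '="' . $value->render([...$stack, 'attr']) . '"';
        }
        $out .= '>';
        foreach ($this->children as $child) {
            $out .= $child->render([...$stack, 'html']);
        }
        return $out . '</' . $this->tag . '>';
    }
}
// Constructed sample: hostile input lands in an attribute and in a text node, and
// one Markup object is used both as a child and as an attribute value.
$untrusted = 'Bob" onmouseover="alert(1)';
$em = new Markup('<em>Profile</em>');
$link = new Element('a',
    ['href' => new PlainText('/user/42'), 'title' => new PlainText($untrusted), 'data-label' => $em],
    [$em, new PlainText(' of ' . $untrusted)]);
echo $link->render([]), PHP_EOL;
```

Rendering the tree keeps `<em>` intact as a child but emits it entity-escaped inside `data-label`, and the quote in `$untrusted` becomes `&quot;` in both places, so it cannot close the attribute; the developer only declared what each value is and never called an escaping function.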

Speakers:
Track: Core Conversations