Unclear to me whether "better languages" is the issue or just better type systems. We should be able to express "untrusted input" in any sufficiently extensible type system (e.g., Rust would probably let you express this). TypeScript may let you express this; I don't know because I've never worked with it.

At a high level, I agree - our tools should do this for us, we shouldn't need people to be experts in untrusted input handling to work effectively with it.

Google internalized this and built their own modular library that they use for all UI development that just makes this completely opaque to the developers. So they don't have most frontend input handling bugs, or if they do they get fixed for everyone at once in the framework layer.
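
A sketch of the idea raised in the comment above, as an added example that is not part of the original comment or of any library it mentions: a Rust newtype for untrusted input whose only exit is an escaping function, so the check lives in one place. The names `Untrusted`, `SafeHtml` and `render_greeting` are hypothetical, and the sample input is constructed.

```rust
// Added illustration; Untrusted, SafeHtml and render_greeting are hypothetical names.
mod taint {
    /// Data from outside the trust boundary. The field is private and there is no
    /// Display or Deref impl, so code outside this module cannot read the raw text.
    pub struct Untrusted(String);

    /// Markup that is safe to emit as an HTML text node or quoted attribute value.
    pub struct SafeHtml(String);

    impl Untrusted {
        pub fn new(raw: impl Into<String>) -> Self { Untrusted(raw.into()) }

        /// The only way out of the wrapper: escape HTML metacharacters.
        pub fn escape_html(&self) -> SafeHtml {
            let escaped = self.0
                .replace('&', "&amp;") // first, so the entities added below are not re-escaped
                .replace('<', "&lt;")
                .replace('>', "&gt;")
                .replace('"', "&quot;")
                .replace('\'', "&#x27;");
            SafeHtml(escaped)
        }
    }

    impl SafeHtml {
        /// Developer-authored markup. `&'static str` limits this to literals in
        /// practice; deliberately leaking a String would bypass it.
        pub fn from_literal(s: &'static str) -> Self { SafeHtml(s.to_string()) }
        pub fn concat(mut self, other: SafeHtml) -> Self { self.0.push_str(&other.0); self }
        pub fn as_str(&self) -> &str { &self.0 }
    }
}
use taint::{SafeHtml, Untrusted};

/// Framework-side template: it accepts only SafeHtml pieces, so passing `name`
/// without escaping is a compile error rather than an XSS bug.
pub fn render_greeting(name: &Untrusted) -> SafeHtml {
    SafeHtml::from_literal("<p>Hello, ")
        .concat(name.escape_html())
        .concat(SafeHtml::from_literal("</p>"))
}

fn main() {
    let name = Untrusted::new("<script>alert(1)</script>"); // constructed input
    println!("{}", render_greeting(&name).as_str());
}
```

The escaping here covers HTML text and quoted attribute values only; URL, script and CSS contexts would each need their own output type and escaping rule.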