mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-11-04 05:35:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fixed #15365 -- Added a warning to the contrib.markup docs reminding users that the marked up output will not be escaped.

Browse source 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15673 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Gabriel Hurley 2011-02-28 05:39:44 +00:00
parent c9db8cc83f
commit 13838fb233
1 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
docs/ref/contrib/markup.txt
View file

@ -24,6 +24,13 @@ To activate these filters, add ``'django.contrib.markup'`` to your
For more documentation, read the source code in For more documentation, read the source code in
:file:`django/contrib/markup/templatetags/markup.py`. :file:`django/contrib/markup/templatetags/markup.py`.
.. warning::
The output of markup filters is marked "safe" and will not be escaped when
rendered in a template. Always be careful to sanitize your inputs and make
sure you are not leaving yourself vulnerable to cross-site scripting or
other types of attacks.
.. _Textile: http://en.wikipedia.org/wiki/Textile_%28markup_language%29 .. _Textile: http://en.wikipedia.org/wiki/Textile_%28markup_language%29
.. _Markdown: http://en.wikipedia.org/wiki/Markdown .. _Markdown: http://en.wikipedia.org/wiki/Markdown
.. _reST (reStructured Text): http://en.wikipedia.org/wiki/ReStructuredText .. _reST (reStructured Text): http://en.wikipedia.org/wiki/ReStructuredText