[1.11.x] Fixed #27678 -- Warned that the template system isn't safe against untrusted authors.
Backport of d2e40dd8c2
from master
This commit is contained in:
parent
a364fb3810
commit
d9f2887645
|
@ -36,6 +36,13 @@ For historical reasons, both the generic support for template engines and the
|
|||
implementation of the Django template language live in the ``django.template``
|
||||
namespace.
|
||||
|
||||
.. warning::
|
||||
|
||||
The template system isn't safe against untrusted template authors. For
|
||||
example, a site shouldn't allow its users to provide their own templates,
|
||||
since template authors can do things like perform XSS attacks and access
|
||||
properties of template variables that may contain sensitive information.
|
||||
|
||||
.. _template-engines:
|
||||
|
||||
Support for template engines
|
||||
|
|
Loading…
Reference in New Issue