Fixed #26206 -- Fixed docs comments causing empty code blocks.
This commit is contained in:
Tim Graham
parent
58f8150805
commit
f2b45ddd99
|
|
@ -1244,7 +1244,6 @@ The view is hooked up to your application and configured in the same fashion as
|
||||||
The response format is as follows:
|
The response format is as follows:
|
||||||
|
|
||||||
.. code-block:: text
|
.. code-block:: text
|
||||||
.. JSON doesn't allow comments so highlighting as JSON won't work here.
|
|
||||||
|
|
||||||
{
|
{
|
||||||
"catalog": {
|
"catalog": {
|
||||||
|
|
@ -1256,6 +1255,8 @@ The response format is as follows:
|
||||||
"plural": "..." # Expression for plural forms, or null.
|
"plural": "..." # Expression for plural forms, or null.
|
||||||
}
|
}
|
||||||
|
|
||||||
|
.. JSON doesn't allow comments so highlighting as JSON won't work here.
|
||||||
|
|
||||||
Note on performance
|
Note on performance
|
||||||
-------------------
|
-------------------
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -30,10 +30,11 @@ malicious input, it is not entirely foolproof. For example, it will not
|
||||||
protect the following:
|
protect the following:
|
||||||
|
|
||||||
.. code-block:: text
|
.. code-block:: text
|
||||||
.. highlighting as html+django fails due to intentionally missing quotes.
|
|
||||||
|
|
||||||
<style class={{ var }}>...</style>
|
<style class={{ var }}>...</style>
|
||||||
|
|
||||||
|
.. highlighting as html+django fails due to intentionally missing quotes.
|
||||||
|
|
||||||
If ``var`` is set to ``'class1 onmouseover=javascript:func()'``, this can result
|
If ``var`` is set to ``'class1 onmouseover=javascript:func()'``, this can result
|
||||||
in unauthorized JavaScript execution, depending on how the browser renders
|
in unauthorized JavaScript execution, depending on how the browser renders
|
||||||
imperfect HTML. (Quoting the attribute value would fix this case.)
|
imperfect HTML. (Quoting the attribute value would fix this case.)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue