Fixed #7470 -- Corrected typo in template docs. Thanks to cbmeeks@gmail.com for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7674 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
8a861942cd
commit
e4fc327890
|
@ -346,7 +346,7 @@ To avoid this problem, you have two options:
|
||||||
|
|
||||||
* One, you can make sure to run each untrusted variable through the
|
* One, you can make sure to run each untrusted variable through the
|
||||||
``escape`` filter (documented below), which converts potentially harmful
|
``escape`` filter (documented below), which converts potentially harmful
|
||||||
HTML characters to unharmful ones. This was default the default solution
|
HTML characters to unharmful ones. This was the default solution
|
||||||
in Django for its first few years, but the problem is that it puts the
|
in Django for its first few years, but the problem is that it puts the
|
||||||
onus on *you*, the developer / template author, to ensure you're escaping
|
onus on *you*, the developer / template author, to ensure you're escaping
|
||||||
everything. It's easy to forget to escape data.
|
everything. It's easy to forget to escape data.
|
||||||
|
|
Loading…
Reference in New Issue