Fixed #6097 -- Fixed some broken RST markup. Thanks, Simeon.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6828 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Malcolm Tredinnick
parent
0c1ba467ae
commit
04a20c0226
|
|
@ -340,7 +340,7 @@ That would result in a rendered template like this::
|
|||
Clearly, user-submitted data shouldn't be trusted blindly and inserted directly
|
||||
into your Web pages, because a malicious user could use this kind of hole to
|
||||
do potentially bad things. This type of security exploit is called a
|
||||
Cross Site Scripting`_ (XSS) attack.
|
||||
`Cross Site Scripting`_ (XSS) attack.
|
||||
|
||||
To avoid this problem, you have two options:
|
||||
|
||||
|
|
@ -367,6 +367,8 @@ are escaped:
|
|||
Again, we stress that this behavior is on by default. If you're using Django's
|
||||
template system, you're protected.
|
||||
|
||||
.. _Cross Site Scripting: http://en.wikipedia.org/wiki/Cross-site_scripting
|
||||
|
||||
How to turn it off
|
||||
------------------
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue