test0908
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed #6097 -- Fixed some broken RST markup. Thanks, Simeon. 

git-svn-id: http://code.djangoproject.com/svn/django/trunk@6828 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Malcolm Tredinnick 2007-12-02 15:03:36 +00:00
parent 0c1ba467ae
commit 04a20c0226
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/templates.txt
View File

@ -340,7 +340,7 @@ That would result in a rendered template like this::
Clearly, user-submitted data shouldn't be trusted blindly and inserted directly Clearly, user-submitted data shouldn't be trusted blindly and inserted directly
into your Web pages, because a malicious user could use this kind of hole to into your Web pages, because a malicious user could use this kind of hole to
do potentially bad things. This type of security exploit is called a do potentially bad things. This type of security exploit is called a
Cross Site Scripting`_ (XSS) attack. `Cross Site Scripting`_ (XSS) attack.
To avoid this problem, you have two options: To avoid this problem, you have two options:
@ -367,6 +367,8 @@ are escaped:
Again, we stress that this behavior is on by default. If you're using Django's Again, we stress that this behavior is on by default. If you're using Django's
template system, you're protected. template system, you're protected.
.. _Cross Site Scripting: http://en.wikipedia.org/wiki/Cross-site_scripting
How to turn it off How to turn it off
------------------ ------------------