test0908
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[1.11.x] Fixed #27678 -- Warned that the template system isn't safe against untrusted authors. 

Backport of d2e40dd8c2 from master
This commit is contained in:
andrewnester 2017-01-09 14:20:57 +03:00 committed by Tim Graham
parent a364fb3810
commit d9f2887645
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/topics/templates.txt
View File

@ -36,6 +36,13 @@ For historical reasons, both the generic support for template engines and the
implementation of the Django template language live in the ``django.template`` implementation of the Django template language live in the ``django.template``
namespace. namespace.
.. warning::
The template system isn't safe against untrusted template authors. For
example, a site shouldn't allow its users to provide their own templates,
since template authors can do things like perform XSS attacks and access
properties of template variables that may contain sensitive information.
.. _template-engines: .. _template-engines:
Support for template engines Support for template engines