Add security recommendation to README.md (fixes #353)

bobthecow · Nov 29, 2019 · e0a45d9 · e0a45d9
1 parent e95c5a0
commit e0a45d9
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -16,7 +16,7 @@ A quick example:
 
 ```php
 <?php
-$m = new Mustache_Engine;
+$m = new Mustache_Engine(array('entity_flags' => ENT_QUOTES));
 echo $m->render('Hello {{planet}}', array('planet' => 'World!')); // "Hello World!"
 ```
 
@@ -53,11 +53,12 @@ And render it:
 
 ```php
 <?php
-$m = new Mustache_Engine;
+$m = new Mustache_Engine(array('entity_flags' => ENT_QUOTES));
 $chris = new Chris;
 echo $m->render($template, $chris);
 ```
 
+*Note:* we recommend using `ENT_QUOTES` as a default of [entity_flags](https://github.com/bobthecow/mustache.php/wiki#entity_flags) to decrease the chance of Cross-site scripting vulnerability.
 
 And That's Not All!
 -------------------