Browse files

Fixed #15365 -- Added a warning to the `contrib.markup` docs remindin…

…g users that the marked up output will not be escaped.

git-svn-id: bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
1 parent c9db8cc commit 13838fb233f15ba1a409c31003ca5dc9c9a42eea Gabriel Hurley committed Feb 28, 2011
Showing with 7 additions and 0 deletions.
  1. +7 −0 docs/ref/contrib/markup.txt
@@ -24,6 +24,13 @@ To activate these filters, add ``'django.contrib.markup'`` to your
For more documentation, read the source code in
+.. warning::
+ The output of markup filters is marked "safe" and will not be escaped when
+ rendered in a template. Always be careful to sanitize your inputs and make
+ sure you are not leaving yourself vulnerable to cross-site scripting or
+ other types of attacks.
.. _Textile:
.. _Markdown:
.. _reST (reStructured Text):

0 comments on commit 13838fb

Please sign in to comment.