[1.2.X] Fixed #15365 -- Added a warning to the `contrib.markup` docs reminding users that the marked up output will not be escaped.

Backport of [15673] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15674 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit a5f71e12643043da9bfdb554e0774c242f0f18b9 1 parent 32ac8d9
authored February 28, 2011

Showing 1 changed file with 7 additions and 0 deletions.

docs/ref/contrib/markup.txt (7 additions)
@@ -24,6 +24,13 @@ To activate these filters, add ``'django.contrib.markup'`` to your
24 24
 For more documentation, read the source code in
25 25
 :file:`django/contrib/markup/templatetags/markup.py`.
26 26
 
  27
+.. warning::
  28
+
  29
+    The output of markup filters is marked "safe" and will not be escaped when
  30
+    rendered in a template. Always be careful to sanitize your inputs and make
  31
+    sure you are not leaving yourself vulnerable to cross-site scripting or
  32
+    other types of attacks.
  33
+
27 34
 .. _Textile: http://en.wikipedia.org/wiki/Textile_%28markup_language%29
28 35
 .. _Markdown: http://en.wikipedia.org/wiki/Markdown
29 36
 .. _reST (reStructured Text): http://en.wikipedia.org/wiki/ReStructuredText
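Review bot: "Always be careful to sanitize your inputs" in the new warning block is too vague to act on; since the hunk already states that filter output is marked "safe" and rendered unescaped, the warning should say concretely what that implies: never pass content supplied by untrusted users (comments, profile fields, uploaded documents) through ``textile``, ``markdown`` or ``restructuredtext`` unless it has first been run through an HTML sanitizer that whitelists tags and attributes, because any raw HTML or script the author embeds in the markup survives into the page. Consider also naming the consequence explicitly, e.g. "this allows an attacker who controls the source text to inject arbitrary HTML and JavaScript into your pages", so readers understand why escaping is bypassed rather than only that it is.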
