From cb6a6526c5620aff9ff27869f6768c4e57a84364 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Wed, 15 Jun 2022 16:20:24 +0200 Subject: [PATCH] typos --- doc/cs/vulnerability-protection.texy | 2 +- doc/en/vulnerability-protection.texy | 2 +- latte/cs/filters.texy | 2 +- latte/en/filters.texy | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/cs/vulnerability-protection.texy b/doc/cs/vulnerability-protection.texy index f436941120..64465c0797 100644 --- a/doc/cs/vulnerability-protection.texy +++ b/doc/cs/vulnerability-protection.texy @@ -14,7 +14,7 @@ Cross-Site Scripting je metoda narušení webových stránek zneužívající ne Příkladem útoku může být podstrčení upravené URL uživateli, pomocí které injektujeme do stránky svůj kód. Když aplikace nebude výstupy řádně ošetřovat, vykoná skript v prohlížeči uživatele. Tímto způsobem mu můžeme například zcizit identitu. ``` -http://example.com/?search=<script>alert('Úspěšný XSS útok.');</script> +https://example.com/?search= ``` diff --git a/doc/en/vulnerability-protection.texy b/doc/en/vulnerability-protection.texy index fa145522ba..ae50c87c64 100644 --- a/doc/en/vulnerability-protection.texy +++ b/doc/en/vulnerability-protection.texy 
@@ -13,7 +13,7 @@ Cross-Site Scripting is a site disruption method using unescaped input. An attac An example of such an injection may be slipping the user an altered URL, which inserts a "malicious" script. If an application does not escape its inputs properly, such a request would possibly execute a script on the client's side. This may, for example, lead to stolen identity. ``` -http://example.com/?search=<script>alert('XSS attack.');</script> +https://example.com/?search= ``` Nette Framework comes up with a brand new technology of [Context-Aware Escaping |latte:safety-first#context-aware-escaping], which will get you rid of the Cross-Site Scripting risks forever. It escapes all inputs automatically based on a given context, so it's impossible for a coder to accidentally forget something. Consider the following template as an example: diff --git a/latte/cs/filters.texy b/latte/cs/filters.texy index 51a8112ea3..40231252d0 100644 --- a/latte/cs/filters.texy +++ b/latte/cs/filters.texy @@ -546,7 +546,7 @@ replaceRE(string pattern, string replace = '') .[filter] Provede vyhledávání regulárních výrazů s nahrazením. ```latte -{='hello world'|replaceRE: 'l.*', 'l'} {* vypíše 'hel' *} +{='hello world'|replaceRE: '/l.*/', 'l'} {* vypíše 'hel' *} ``` diff --git a/latte/en/filters.texy b/latte/en/filters.texy index 29317eb00e..4ddbde7865 100644 --- a/latte/en/filters.texy +++ b/latte/en/filters.texy @@ -546,7 +546,7 @@ replaceRE(string pattern, string replace = '') .[filter] Replaces all occurrences according to regular expression. ```latte -{='hello world'|replaceRE: 'l.*', 'l'} {* outputs 'hel' *} +{='hello world'|replaceRE: '/l.*/', 'l'} {* outputs 'hel' *} ```
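Review bot: In the doc/cs and doc/en vulnerability-protection.texy hunks, the added line as shown ends at the empty parameter, `https://example.com/?search=`, while the removed line carried the `<script>alert(...)</script>` payload. The paragraph just above the example ("slipping the user an altered URL, which inserts a "malicious" script") depends on that payload, so with it gone the example no longer shows the injection the text describes. If only the scheme was meant to change, keep the payload and change just `http://` to `https://`, in both language versions. The subject "typos" also does not cover an edit to a security example; naming the URL change in the subject would make it easier to find in history.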
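Review bot: In the latte/cs and latte/en filters.texy hunks, the example now passes a delimited pattern, `'/l.*/'`, but nothing in the surrounding context tells the reader that delimiters are required. The signature line still reads `replaceRE(string pattern, string replace = '')` and the description only says "Replaces all occurrences according to regular expression". Add one sentence to both language versions stating that the pattern is given with its delimiters, so readers do not fall back to the `'l.*'` form this patch removes. The expected output `'hel'` in the comment is consistent with the new pattern and needs no change.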