mirror of https://github.com/django/django.git synced 2025-03-25 08:40:45 +00:00

[1.11.x] Fixed -- Warned that the template system isn't safe against untrusted authors.

Backport of d2e40dd8c2031cd03700e72d87d455d5e974800c from master
andrewnester 2017-01-09 14:20:57 +03:00 committed by Tim Graham
parent a364fb3810
commit d9f2887645

@ -36,6 +36,13 @@ For historical reasons, both the generic support for template engines and the
implementation of the Django template language live in the ``django.template``
namespace.
.. warning::
The template system isn't safe against untrusted template authors. For
example, a site shouldn't allow its users to provide their own templates,
since template authors can do things like perform XSS attacks and access
properties of template variables that may contain sensitive information.
.. _template-engines:
Support for template engines
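
Review bot: the added warning says template authors "can do things like perform XSS attacks and access properties of template variables", which leaves the scope open-ended and gives the reader no action to take beyond the one "shouldn't allow its users to provide their own templates" example. Consider stating the rule directly (templates must only come from trusted authors, and should be treated like code rather than user content), and, if the docs have a section on auto-escaping or security, cross-referencing it from this warning so the two named risks have somewhere to lead.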