mirror of
				https://github.com/django/django.git
				synced 2025-10-25 14:46:09 +00:00 
			
		
		
		
	Fixed #26206 -- Fixed docs comments causing empty code blocks.
This commit is contained in:
		| @@ -1244,7 +1244,6 @@ The view is hooked up to your application and configured in the same fashion as | ||||
| The response format is as follows: | ||||
|  | ||||
| .. code-block:: text | ||||
| ..   JSON doesn't allow comments so highlighting as JSON won't work here. | ||||
|  | ||||
|     { | ||||
|         "catalog": { | ||||
| @@ -1256,6 +1255,8 @@ The response format is as follows: | ||||
|         "plural": "..."  # Expression for plural forms, or null. | ||||
|     } | ||||
|  | ||||
| .. JSON doesn't allow comments so highlighting as JSON won't work here. | ||||
|  | ||||
| Note on performance | ||||
| ------------------- | ||||
|  | ||||
|   | ||||
| @@ -30,10 +30,11 @@ malicious input, it is not entirely foolproof. For example, it will not | ||||
| protect the following: | ||||
|  | ||||
| .. code-block:: text | ||||
| ..   highlighting as html+django fails due to intentionally missing quotes. | ||||
|  | ||||
|     <style class={{ var }}>...</style> | ||||
|  | ||||
| .. highlighting as html+django fails due to intentionally missing quotes. | ||||
|  | ||||
| If ``var`` is set to ``'class1 onmouseover=javascript:func()'``, this can result | ||||
| in unauthorized JavaScript execution, depending on how the browser renders | ||||
| imperfect HTML. (Quoting the attribute value would fix this case.) | ||||
|   | ||||
		Reference in New Issue
	
	Block a user