diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/templates.txt | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/docs/templates.txt b/docs/templates.txt index 3b2c03766b..3a557c1476 100644 --- a/docs/templates.txt +++ b/docs/templates.txt @@ -346,7 +346,7 @@ To avoid this problem, you have two options: * One, you can make sure to run each untrusted variable through the ``escape`` filter (documented below), which converts potentially harmful - HTML characters to unharmful ones. This was default the default solution + HTML characters to unharmful ones. This was the default solution in Django for its first few years, but the problem is that it puts the onus on *you*, the developer / template author, to ensure you're escaping everything. It's easy to forget to escape data. |
