Commit a5f71e12 authored by Gabriel Hurley

[1.2.X] Fixed #15365 -- Added a warning to the `contrib.markup` docs reminding users that the marked up output will not be escaped.

Backport of [15673] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15674 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent 32ac8d91
+7 −0
@@ -24,6 +24,13 @@ To activate these filters, add ``'django.contrib.markup'`` to your
For more documentation, read the source code in
:file:`django/contrib/markup/templatetags/markup.py`.

.. warning::

    The output of markup filters is marked "safe" and will not be escaped when
    rendered in a template. Always be careful to sanitize your inputs and make
    sure you are not leaving yourself vulnerable to cross-site scripting or
    other types of attacks.

.. _Textile: http://en.wikipedia.org/wiki/Textile_%28markup_language%29
.. _Markdown: http://en.wikipedia.org/wiki/Markdown
.. _reST (reStructured Text): http://en.wikipedia.org/wiki/ReStructuredText
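Review bot: the new warning block tells readers to "sanitize your inputs" but never states the simplest and safest rule, which is that these filters should only ever be applied to text from trusted authors; sanitizing the HTML that Textile, Markdown or reST emit is hard to get right, so consider adding a sentence such as "Do not apply these filters to user-submitted content" ahead of the sanitization advice, and naming the three filters (``textile``, ``markdown``, ``restructuredtext``) so the warning is clearly about all of them and not only the one a reader happens to be using.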