docs/topics/i18n/translation.txt +2 −1 Original line number Diff line number Diff line Loading @@ -1244,7 +1244,6 @@ The view is hooked up to your application and configured in the same fashion as The response format is as follows: .. code-block:: text .. JSON doesn't allow comments so highlighting as JSON won't work here. { "catalog": { Loading @@ -1256,6 +1255,8 @@ The response format is as follows: "plural": "..." # Expression for plural forms, or null. } .. JSON doesn't allow comments so highlighting as JSON won't work here. Note on performance ------------------- Loading
docs/topics/security.txt +2 −1 Original line number Diff line number Diff line Loading @@ -30,10 +30,11 @@ malicious input, it is not entirely foolproof. For example, it will not protect the following: .. code-block:: text .. highlighting as html+django fails due to intentionally missing quotes. <style class={{ var }}>...</style> .. highlighting as html+django fails due to intentionally missing quotes. If ``var`` is set to ``'class1 onmouseover=javascript:func()'``, this can result in unauthorized JavaScript execution, depending on how the browser renders imperfect HTML. (Quoting the attribute value would fix this case.) Loading
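Review bot: In docs/topics/i18n/translation.txt the comment ".. JSON doesn't allow comments so highlighting as JSON won't work here." now follows the closing "}" of the sample and sits directly above the "Note on performance" heading, so "here" no longer identifies the block it explains. Suggest rewording it to name the block, for example ".. The block above stays code-block:: text because its # comments are not valid JSON.", so a later editor does not switch the directive to a JSON lexer or read the comment as belonging to the next section.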
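Review bot: In docs/topics/security.txt the relocated comment ".. highlighting as html+django fails due to intentionally missing quotes." now lands between the "<style class={{ var }}>...</style>" sample and the paragraph that explains it ("If ``var`` is set to ..."), which separates the example from its explanation in the source and leaves the comment without a clear referent. Suggest phrasing it as a statement about the block above and saying outright that the missing attribute quotes must be kept: they are the point of the example, and the following sentence "(Quoting the attribute value would fix this case.)" only makes sense while the sample stays unquoted.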