1
0
mirror of https://github.com/django/django.git synced 2025-10-24 22:26:08 +00:00

Fixed #27678 -- Warned that the template system isn't safe against untrusted authors.

This commit is contained in:
andrewnester
2017-01-09 14:20:57 +03:00
committed by Tim Graham
parent 110f4bb6a2
commit d2e40dd8c2

View File

@@ -36,6 +36,13 @@ For historical reasons, both the generic support for template engines and the
implementation of the Django template language live in the ``django.template`` implementation of the Django template language live in the ``django.template``
namespace. namespace.
.. warning::
The template system isn't safe against untrusted template authors. For
example, a site shouldn't allow its users to provide their own templates,
since template authors can do things like perform XSS attacks and access
properties of template variables that may contain sensitive information.
.. _template-engines: .. _template-engines:
Support for template engines Support for template engines