mirror of
https://github.com/golang/go
synced 2024-11-21 22:54:40 -07:00
html/template: doc nit
Execute's data is untrusted regardless of package. R=golang-dev, gri CC=golang-dev https://golang.org/cl/5797062
This commit is contained in:
parent
b23b001bd2
commit
4084f08401
@ -29,7 +29,7 @@ can be safely embedded in an HTML document. The escaping is contextual, so
|
|||||||
actions can appear within JavaScript, CSS, and URI contexts.
|
actions can appear within JavaScript, CSS, and URI contexts.
|
||||||
|
|
||||||
The security model used by this package assumes that template authors are
|
The security model used by this package assumes that template authors are
|
||||||
trusted, while text/template Execute's data parameter is not. More details are
|
trusted, while Execute's data parameter is not. More details are
|
||||||
provided below.
|
provided below.
|
||||||
|
|
||||||
Example
|
Example
|
||||||
|
Loading…
Reference in New Issue
Block a user