mirror of
https://github.com/golang/go
synced 2024-11-21 23:44:39 -07:00
html/template: doc nit
Execute's data is untrusted regardless of package. R=golang-dev, gri CC=golang-dev https://golang.org/cl/5797062
This commit is contained in:
parent
b23b001bd2
commit
4084f08401
@ -29,7 +29,7 @@ can be safely embedded in an HTML document. The escaping is contextual, so
|
||||
actions can appear within JavaScript, CSS, and URI contexts.
|
||||
|
||||
The security model used by this package assumes that template authors are
|
||||
trusted, while text/template Execute's data parameter is not. More details are
|
||||
trusted, while Execute's data parameter is not. More details are
|
||||
provided below.
|
||||
|
||||
Example
|
||||
|
Loading…
Reference in New Issue
Block a user