Update 04-special-tags.md (#11951) · sveltejs/svelte@e2a999c · GitHub

Commit e2a999c

Update 04-special-tags.md (#11951)
Turning the words "XSS Vulnerability" into a clickable link to take the reader to https://owasp.org/www-community/attacks/xss/ so that they can read more about it if they don't, as that is pretty important.
1 parent 230916f commit e2a999c

1 file changed, +1 -1 lines changed

documentation/docs/02-template-syntax/04-special-tags.md

Lines changed: 1 addition & 1 deletion
@@ -13,7 +13,7 @@ In a text expression, characters like `<` and `>` are escaped; however, with HTM
1313

1414
The expression should be valid standalone HTML — `{@html "<div>"}content{@html "</div>"}` will _not_ work, because `</div>` is not valid HTML. It also will _not_ compile Svelte code.
1515

16-
> Svelte does not sanitize expressions before injecting HTML. If the data comes from an untrusted source, you must sanitize it, or you are exposing your users to an XSS vulnerability.
16+
> Svelte does not sanitize expressions before injecting HTML. If the data comes from an untrusted source, you must sanitize it, or you are exposing your users to an [XSS vulnerability](https://owasp.org/www-community/attacks/xss/)
1717
1818
```svelte
1919
<div class="blog-post">
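Review bot: the added line 16 loses the sentence's closing period. The removed line ended with "XSS vulnerability." while the replacement stops at the link's closing parenthesis, so the warning blockquote now ends without punctuation. Put the period back after the link, outside the parentheses so it does not become part of the URL. Separately, since this note is the only place the hunk tells readers that `{@html ...}` output is unsanitized, consider whether the link text should cover just "XSS" rather than "XSS vulnerability", because the target is OWASP's page on the attack class.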
