Commit

Update files/en-us/web/security/attacks/xss/index.md
Co-authored-by: Hamish Willee <[email protected]>
wbamberg and hamishwillee authored Dec 17, 2024
1 parent a8de9b1 commit 262b86c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion files/en-us/web/security/attacks/xss/index.md
Expand Up @@ -166,7 +166,7 @@ Most modern templating engines automatically perform output encoding. For exampl

- `&` is converted to `&amp;`

This means that if you pass `<img src=x onerror=alert('XSS!')>` into the Django template above, it will be rendered as text:
This means that if you pass `<img src=x onerror=alert('XSS!')>` into the Django template above, it will be converted to `&lt;img src=x onerror=alert(&#x27;XSS!&#x27;)&gt;`, which is _rendered_ as the entered text:

> You searched for &lt;img src=x onerror=alert('XSS!')&gt;.
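
Review bot: In the added line, the encoded output uses `&#x27;` for the apostrophe, but the only list item visible in this hunk's context is the `&` to `&amp;` mapping; please confirm the list above also covers the single-quote mapping, otherwise the example shows an encoding the reader has not been introduced to. The sentence has also become long: consider ending it after the encoded string and starting a new one, for example "The browser then displays this as the text that was entered:", which makes the encode-then-display distinction explicit without relying on the italic _rendered_.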