Commit 4084f084 authored by Russ Cox's avatar Russ Cox

html/template: doc nit

Execute's data is untrusted regardless of package.

R=golang-dev, gri
CC=golang-dev
https://golang.org/cl/5797062
parent b23b001b
...@@ -29,7 +29,7 @@ can be safely embedded in an HTML document. The escaping is contextual, so ...@@ -29,7 +29,7 @@ can be safely embedded in an HTML document. The escaping is contextual, so
actions can appear within JavaScript, CSS, and URI contexts. actions can appear within JavaScript, CSS, and URI contexts.
The security model used by this package assumes that template authors are The security model used by this package assumes that template authors are
trusted, while text/template Execute's data parameter is not. More details are trusted, while Execute's data parameter is not. More details are
provided below. provided below.
Example Example
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment