docs(html): template languages

alibaba · Jan 5, 2025 · 3299895 · 3299895
1 parent 215fece
commit 3299895
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 0 deletions.
diff --git a/docs/coding/html.md b/docs/coding/html.md
@@ -528,6 +528,24 @@ Level: **Mandatory**
 {{ username }} {{ tags | join(',') }}
 ```
 
+### Unfiltered user input MUST be HTML escaped
+
+Level: **Mandatory**
+
+```jinja
+{# ❌ bad #}
+<p>{{ description }}</p>
+<script>
+  window.user = {{ user | dump }}
+</script>
+
+{# ✅ good #}
+{{ description | escaped }}
+<script>
+  window.user = {{ user | dump | escaped }}
+</script>
+```
+
 ## Credits
 
 - [Guo Yunhe](https://github.com/guoyunhe)

diff --git a/docs/coding/html.zh.md b/docs/coding/html.zh.md
@@ -529,6 +529,24 @@ order: 1
 {{ username }} {{ tags | join(',') }}
 ```
 
+### 未过滤的用户输入必须 HTML 转义
+
+等级: **强制**
+
+```jinja
+{# ❌ 错误 #}
+<p>{{ description }}</p>
+<script>
+  window.user = {{ user | dump }}
+</script>
+
+{# ✅ 正确 #}
+{{ description | escaped }}
+<script>
+  window.user = {{ user | dump | escaped }}
+</script>
+```
+
 ## 作者署名
 
 - [郭云鹤（鹤仙）](https://github.com/guoyunhe)