1 parent 0510d03 commit 2818f39
components/expression_language.rst
@@ -107,6 +107,13 @@ PHP type (including objects)::
107
For more information, see the :doc:`/components/expression_language/syntax`
108
entry, especially :ref:`component-expression-objects` and :ref:`component-expression-arrays`.
109
110
+.. caution::
111
+
112
+ When using variables in expressions, avoid passing untrusted data into the
113
+ array of variables. If you can't avoid that, sanitize non-alphanumeric
114
+ characters in untrusted data to prevent malicious users from injecting
115
+ control characters and altering the expression.
116
117
Caching
118
-------
119
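Review bot: The advice in the new caution to "sanitize non-alphanumeric characters" is too vague to act on. It does not say whether those characters should be stripped, escaped or rejected, and "control characters" normally means non-printable bytes, whereas altering an expression would take syntax characters such as quotes, operators and parentheses. Suggest stating the rule as an allowlist (accept only alphanumeric input and reject everything else) and adding one sentence on how a value in the array of variables can reach the expression text, since the note warns about that path without describing it. The caution also lands after the "For more information" pointer and directly above the Caching heading; placing it next to the passage that introduces passing variables would make it harder to miss.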