diff --git a/templates.rst b/templates.rst index 48fa45eaf14..fb30f9a7c03 100644 --- a/templates.rst +++ b/templates.rst @@ -953,7 +953,7 @@ JavaScript popup window. This is known as a `Cross-Site Scripting`_ (XSS) attack. And while the previous example seems harmless, the attacker could write more advanced JavaScript code -to performs malicious actions. +to perform malicious actions. To prevent this attack, use *"output escaping"* to transform the characters which have special meaning (e.g. replace ``<`` by the ``<`` HTML entity).
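Review bot: The trailing context line of this hunk reads "replace ``<`` by the ``<`` HTML entity", which as shown here maps the character to itself and so does not illustrate escaping. Since this paragraph is being touched anyway, confirm that the source spells the entity out literally as ``&lt;`` inside the inline literal so that it renders as the entity name rather than as a bare ``<``. The "performs" to "perform" correction on the changed line is right as it stands.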