From ebdc4025384af8f22965620055666c808c7e3fb3 Mon Sep 17 00:00:00 2001 From: Dan Date: Sun, 17 May 2020 17:38:09 -0700 Subject: [PATCH] Update templates.rst --- templates.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates.rst b/templates.rst index 48fa45eaf14..fb30f9a7c03 100644 --- a/templates.rst +++ b/templates.rst @@ -953,7 +953,7 @@ JavaScript popup window. This is known as a `Cross-Site Scripting`_ (XSS) attack. And while the previous example seems harmless, the attacker could write more advanced JavaScript code -to performs malicious actions. +to perform malicious actions. To prevent this attack, use *"output escaping"* to transform the characters which have special meaning (e.g. replace ``<`` by the ``<`` HTML entity).