From e9d242d90156f8b77bd302eaa53fbdab31cf845e Mon Sep 17 00:00:00 2001
From: valepu <valepu@libero.it>
Date: Thu, 13 Jun 2024 17:32:09 +0200
Subject: [PATCH] Remove misleading warning

Fixes https://github.com/symfony/symfony-docs/issues/17978

The warning I am removing was created after https://github.com/symfony/symfony-docs/issues/8259 but the issue used an incorrect regex to show a potential problem which doesn't exist.

In my issue I show that it's not actually possible to inject control characters. I would still suggest for someone more involved in symfony development to investigate further, if the expression language is used in the security component this would need more than just a warning
---
 components/expression_language.rst | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/components/expression_language.rst b/components/expression_language.rst
index e90c580fe98..1ddd0fddb30 100644
--- a/components/expression_language.rst
+++ b/components/expression_language.rst
@@ -112,13 +112,6 @@ expressions (e.g. the request, the current user, etc.):
 * :doc:`Variables available in service container expressions </service_container/expression_language>`;
 * :ref:`Variables available in routing expressions <routing-matching-expressions>`.
 
-.. caution::
-
-    When using variables in expressions, avoid passing untrusted data into the
-    array of variables. If you can't avoid that, sanitize non-alphanumeric
-    characters in untrusted data to prevent malicious users from injecting
-    control characters and altering the expression.
-
 .. _expression-language-caching:
 
 Caching