We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent 54cf593 commit 1cdfff6Copy full SHA for 1cdfff6
1 file changed
index.html
@@ -2695,7 +2695,9 @@ <h2 id="utility">Utility Functions</h2>
2695
<p role=note>
2696
<em><tt>_.template</tt> allows the template author to insert arbitrary
2697
JavaScript code by design. This means that you should only pass template
2698
- code from trusted authors.</em>
+ code and template settings from trusted authors. Passing untrusted input
2699
+ to <tt>_.template</tt> <strong>will</strong> create a code injection
2700
+ vulnerability in your application or library!</em>
2701
</p>
2702
2703
<pre>
0 commit comments