root
/
flask
mirror of https://github.com/pallets/flask.git
1
0
Fork 0
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Fix typo

This commit is contained in:
Badhreesh 2025-05-22 12:56:14 +02:00 committed by GitHub
parent d4390442b7
commit 6e064b3ff2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/quickstart.rst
View File

@ -147,7 +147,9 @@ how you're using untrusted data.
name = request.args.get("name", "") name = request.args.get("name", "")
return f"Hello, {escape(name)}!" return f"Hello, {escape(name)}!"
User input can be submitted to the view function via the URL as query paramters (``/hello?name=Bob``). Refer :ref:`the-request-object` for information on how the query parameters are accessed. User input can be submitted to the view function via the URL as query parameters,
like ``/hello?name=Bob``. Refer :ref:`the-request-object` for information on how
the query parameters are accessed.
If a user managed to submit ``/hello?name=<script>alert("bad")</script>``, If a user managed to submit ``/hello?name=<script>alert("bad")</script>``,
escaping causes it to be rendered as text, rather than running the escaping causes it to be rendered as text, rather than running the