...
Warning |
---|
The above example is suspect to cross-site scripting attacks. Whenever you output a variable in a template, you should consider whether that output should be html escaped. The proper way to render the input field above is this:
The I18nWriter I18n object will escape any html properly to avoid attacks or page breakage. |
...