diff --git a/site/content/tutorial/01-introduction/06-html-tags/text.md b/site/content/tutorial/01-introduction/06-html-tags/text.md index fdc8a576ff..cf5032fea4 100644 --- a/site/content/tutorial/01-introduction/06-html-tags/text.md +++ b/site/content/tutorial/01-introduction/06-html-tags/text.md @@ -12,4 +12,4 @@ In Svelte, you do this with the special `{@html ...}` tag:
{@html string}
``` -> Svelte doesn't perform any sanitization of the data before it gets inserted into the DOM. In other words, it's critical that you manually escape HTML that comes from sources you don't trust, otherwise you risk exposing your users to XSS attacks. \ No newline at end of file +> Svelte doesn't perform any sanitization of the data before it gets inserted into the DOM via a @html-tag. In other words, if you use `{@html ...}` it's critical that you manually escape HTML that comes from sources you don't trust, otherwise you risk exposing your users to XSS attacks.