docs: escape variables in view

kenjis · kenjis · commit 8dc1fdd32881 · 2023-04-27T17:06:55.000+09:00
Escaping by default is a good practice.
diff --git a/user_guide_src/source/outgoing/view_cells.rst b/user_guide_src/source/outgoing/view_cells.rst
@@ -100,8 +100,8 @@ At the most basic level, all you need to implement within the class are public p
     }
 
     // app/Cells/alert_message_cell.php
-    <div class="alert alert-<?= $type; ?>">
-        <?= $message; ?>
+    <div class="alert alert-<?= esc($type, 'attr') ?>">
+        <?= esc($message) ?>
     </div>
 
 .. _generating-cell-via-command:

Original file line number	Diff line number	Diff line change
`@@ -100,8 +100,8 @@ At the most basic level, all you need to implement within the class are public p`
`100`	`100`	`}`
`101`	`101`
`102`	`102`	`// app/Cells/alert_message_cell.php`
`103`		`- <div class="alert alert-<?= $type; ?>">`
`104`		`- <?= $message; ?>`
	`103`	`+ <div class="alert alert-<?= esc($type, 'attr') ?>">`
	`104`	`+ <?= esc($message) ?>`
`105`	`105`	`</div>`
`106`	`106`
`107`	`107`	`.. _generating-cell-via-command:`