Update 04-special-tags.md (#11951)

turning the word "XSS Vulnerability" into a clickable link to take the reader to https://owasp.org/www-community/attacks/xss/ so that they can read more about it if they don't as that is pretty important.
pull/12021/head
Olalekan Abdulfatah 5 months ago committed by GitHub
parent 230916f5a0
commit e2a999c06a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -13,7 +13,7 @@ In a text expression, characters like `<` and `>` are escaped; however, with HTM
The expression should be valid standalone HTML — `{@html "<div>"}content{@html "</div>"}` will _not_ work, because `</div>` is not valid HTML. It also will _not_ compile Svelte code.
> Svelte does not sanitize expressions before injecting HTML. If the data comes from an untrusted source, you must sanitize it, or you are exposing your users to an XSS vulnerability.
> Svelte does not sanitize expressions before injecting HTML. If the data comes from an untrusted source, you must sanitize it, or you are exposing your users to an [XSS vulnerability](https://owasp.org/www-community/attacks/xss/)
```svelte
<div class="blog-post">
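
Review bot: The replacement warning line ends at the closing parenthesis of the link, so the full stop that followed "XSS vulnerability" in the old line is lost; add the `.` back after `(https://owasp.org/www-community/attacks/xss/)` so the sentence still terminates. Since this is the only place the docs tell readers that `{@html}` output is not sanitized, it is also worth confirming that the docs renderer turns a Markdown link inside a `>` note block into a link, so the warning does not display as raw brackets.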
