diff --git a/docs/howto/custom-template-tags.txt b/docs/howto/custom-template-tags.txt
index 1f6d2d5..c101f48 100644
Template filter code falls into one of two situations:
|
| 339 | 339 | handle the auto-escaping issues and return a safe string, the |
| 340 | 340 | ``is_safe`` flag won't change anything either way. |
| 341 | 341 | |
| | 342 | .. warning:: Avoiding XSS vulnerabilities when reusing built-in filters |
| | 343 | |
| | 344 | Be careful when reusing Django's built-in filters. You'll need to pass |
| | 345 | ``autoescape=True`` to the filter in order to get the proper autoescaping |
| | 346 | behavior and avoid a cross-site script vulnerability. |
| | 347 | |
| | 348 | For example, if you wanted to write a custom filter called |
| | 349 | ``urlize_and_linebreaks`` that combined the :tfilter:`urlize` and |
| | 350 | :tfilter:`linebreaksbr` filters, the filter would look like:: |
| | 351 | |
| | 352 | from django.template.defaultfilters import linebreaksbr, urlize |
| | 353 | |
| | 354 | @register.filter |
| | 355 | def urlize_and_linebreaks(text): |
| | 356 | return linebreaksbr(urlize(s, autoescape=True), autoescape=True) |
| | 357 | |
| | 358 | Then: |
| | 359 | |
| | 360 | .. code-block:: html+django |
| | 361 | |
| | 362 | {{ comment|urlize_and_linebreaks }} |
| | 363 | |
| | 364 | would be equivalent to: |
| | 365 | |
| | 366 | .. code-block:: html+django |
| | 367 | |
| | 368 | {{ comment|urlize|linebreaksbr }} |
| | 369 | |
| 342 | 370 | .. _filters-timezones: |
| 343 | 371 | |
| 344 | 372 | Filters and time zones |
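Review bot: the new example at rendered line 356 is broken as written: `urlize(s, autoescape=True)` references a name `s` that does not exist, since the function at line 355 declares its parameter as `text`, so the filter raises NameError the first time a template uses it. It should read `return linebreaksbr(urlize(text, autoescape=True), autoescape=True)`. Worth a sentence, too, in the prose around lines 358-368: because the custom filter hard-codes `autoescape=True`, the stated equivalence with `{{ comment|urlize|linebreaksbr }}` only holds while auto-escaping is on in the surrounding template (the built-in filters receive the context's current autoescape setting, the wrapper ignores it), which is the safe direction but not literally "equivalent".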