id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
27678	Document that the template system isn't safe against untrusted template authors	Tim Graham	Andrew Nester	A few times (e.g. #12772) and in some security reports, the question has come up about whether or not the Django template language is safe against untrusted template authors. We should document that it is not, perhaps in docs/topics/templates.txt.	Cleanup/optimization	closed	Documentation	dev	Normal	fixed			Accepted	1	0	0	0	0	0