Merge commit '336622d5e7afd9334cd2de7150d4f16bdf7c24f9'

author: Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> 2023-03-01 11:56:07 +0100
committer: Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> 2023-03-01 11:56:07 +0100
commit: 97b010f521e592b5fc29daace225476b64543643 (patch)
tree: ddccebf102a88fb3f8c936dd9178f2ae02d3693e /docs/content/en/about
parent: 4d36b99a4e119594cb658a8796b18fc13b0672bc (diff)
parent: 336622d5e7afd9334cd2de7150d4f16bdf7c24f9 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/docs/content/en/about/security-model/index.md b/docs/content/en/about/security-model/index.md
index 66cb15463..d4dacd9bf 100644
--- a/docs/content/en/about/security-model/index.md
+++ b/docs/content/en/about/security-model/index.md
@@ -57,7 +57,7 @@ For HTML output, this is the core security model:
 
 In short:
 
-Templates authors (you) are trusted, but the data you send in is not.
+Template and configuration authors (you) are trusted, but the data you send in is not.
 This is why you sometimes need to use the _safe_ functions, such as `safeHTML`, to avoid escaping of data you know is safe.
 There is one exception to the above, as noted in the documentation: If you enable inline shortcodes, you also say that the shortcodes and data handling in content files are trusted, as those macros are treated as pure text.
 It may be worth adding that Hugo is a static site generator with no concept of dynamic user input.
author	Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com>	2023-03-01 11:56:07 +0100
committer	Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com>	2023-03-01 11:56:07 +0100
commit	97b010f521e592b5fc29daace225476b64543643 (patch)
tree	ddccebf102a88fb3f8c936dd9178f2ae02d3693e /docs/content/en/about
parent	4d36b99a4e119594cb658a8796b18fc13b0672bc (diff)
parent	336622d5e7afd9334cd2de7150d4f16bdf7c24f9 (diff)