docs: make it clear that Element::push_html should b eavoided

Signed-off-by: Lars Wirzenius <liw@liw.fi> Sponsored-by: author
author: Lars Wirzenius <liw@liw.fi> 2024-04-20 08:54:50 +0300
committer: Lars Wirzenius <liw@liw.fi> 2024-04-20 08:54:50 +0300
commit: 296dcf7ec3b45e085c41f4938dd8b1ad71e921b5 (patch)
tree: 6a933cadb27ce0337b084b8bd358e17bf2074772
parent: e5110c887bf08f98a84c97a5fe67a6b8d81ecbf3 (diff)
download: html-page-296dcf7ec3b45e085c41f4938dd8b1ad71e921b5.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib.rs b/src/lib.rs
index 37747d2..fe22010 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -553,7 +553,9 @@ impl Element {
     }
 
     /// Append HTML to element. It will NOT be escaped, when the
-    /// element is serialized.
+    /// element is serialized. This is an easy to inject arbitrary
+    /// junk into the HTML. No validation is done. You should avoid
+    /// this if you can.
     pub fn push_html(&mut self, html: &str) {
         self.children.push(Content::html(html));
     }
author	Lars Wirzenius <liw@liw.fi>	2024-04-20 08:54:50 +0300
committer	Lars Wirzenius <liw@liw.fi>	2024-04-20 08:54:50 +0300
commit	296dcf7ec3b45e085c41f4938dd8b1ad71e921b5 (patch)
tree	6a933cadb27ce0337b084b8bd358e17bf2074772
parent	e5110c887bf08f98a84c97a5fe67a6b8d81ecbf3 (diff)
download	html-page-296dcf7ec3b45e085c41f4938dd8b1ad71e921b5.tar.gz