I recommend that some pages / areas of the docs of v3 and v4, and even in future versions, should be updated with some kind of note / warning of not using or not be on the escape_html or $smarty->default_modifiers without a this option: ['escape:"htmlall"'] in order to help to prevent XSS attacks and use security good practice.
Example of some pages / areas in v4 docs:
Getting started page
in designers > language-basic-syntax > Introduction page
in designers > language-variables > Introduction page
in designers > language-modifiers > Introduction page
in designers language-modifiers > Introduction page
Hi in sequence of issue #863 .
I recommend that some pages / areas of the docs of v3 and v4, and even in future versions, should be updated with some kind of note / warning of not using or not be on the
escape_htmlor$smarty->default_modifierswithout a this option:['escape:"htmlall"']in order to help to prevent XSS attacks and use security good practice.Example of some pages / areas in v4 docs:
Getting startedpageIntroductionpageIntroductionpageIntroductionpageIntroductionpageescapepageunescapepage