Add warning box to render view note

expressjs · Oct 3, 2023 · 5e918ea · 5e918ea
1 parent 22e1ae0
commit 5e918ea
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/_includes/api/en/4x/app-render.md b/_includes/api/en/4x/app-render.md
@@ -9,6 +9,12 @@ Think of `app.render()` as a utility function for generating rendered view strin
 Internally `res.render()` uses `app.render()` to render views.
 </div>
 
+<div class="doc-box doc-warn" markdown="1">
+The `view` argument performs file system operations like reading a file from
+disk and evaluating Node.js modules, and as so for security reasons should not
+contain input from the end-user.
+</div>
+
 <div class="doc-box doc-notice" markdown="1">
 The local variable `cache` is reserved for enabling view cache. Set it to `true`, if you want to
 cache view during development; view caching is enabled in production by default.

diff --git a/_includes/api/en/4x/res-render.md b/_includes/api/en/4x/res-render.md
@@ -10,7 +10,11 @@ The `view` argument is a string that is the file path of the view file to render
 
 For more information, see [Using template engines with Express](/guide/using-template-engines.html).
 
-**NOTE:** The `view` argument performs file system operations like reading a file from disk and evaluating Node.js modules, and as so for security reasons should not contain input from the end-user.
+<div class="doc-box doc-warn" markdown="1">
+The `view` argument performs file system operations like reading a file from
+disk and evaluating Node.js modules, and as so for security reasons should not
+contain input from the end-user.
+</div>
 
 <div class="doc-box doc-notice" markdown="1">
 The local variable `cache` enables view caching. Set it to `true`,