docs: add escaping to variables

kenjis · kenjis · commit 78afe57e5019 · 2024-04-04T10:15:40.000+09:00
It is bad practice to output variables without escaping in HTML.
diff --git a/user_guide_src/source/outgoing/alternative_php.rst b/user_guide_src/source/outgoing/alternative_php.rst
@@ -15,11 +15,11 @@ Alternative Echos
 
 Normally to echo, or print out a variable you would do this::
 
-    <?php echo $variable; ?>
+    <?php echo esc($variable); ?>
 
 With the alternative syntax you can instead do it this way::
 
-    <?= $variable ?>
+    <?= esc($variable) ?>
 
 Alternative Control Structures
 ==============================
diff --git a/user_guide_src/source/outgoing/alternative_php/001.php b/user_guide_src/source/outgoing/alternative_php/001.php
@@ -2,7 +2,7 @@
 
 <?php foreach ($todo as $item): ?>
 
-    <li><?= $item ?></li>
+    <li><?= esc($item) ?></li>
 
 <?php endforeach ?>
 
