Website guides: highlight potential security risk with above code (#4779

)

To better highlight potential risks with the above code. New developers who may scour through the website guides might be more prone to a copy-and-paste method of testing things out. Nothing's wrong with doing that for learning purposes, but some might be too quick to do that and skip reading through the paragraph.

locale/en/knowledge/HTTP/servers/how-to-serve-static-files.md

@@ -26,7 +26,7 @@ http.createServer(function (req, res) {
 }).listen(8080);
 ```
 
-This example takes the path requested and it serves that path, relative to the local directory. This works fine as a quick solution; however, there are a few problems with this approach. First, this code does not correctly handle mime types. Additionally, a proper static file server should really be taking advantage of client side caching, and should send a "Not Modified" response if nothing has changed. Furthermore, there are security bugs that can enable a malicious user to break out of the current directory. (for example, `GET /../../../`).
+This example takes the path requested and it serves that path, relative to the local directory. This works fine as a quick solution; however, there are a few problems with this approach. First, this code does not correctly handle mime types. Additionally, a proper static file server should really be taking advantage of client side caching, and should send a "Not Modified" response if nothing has changed. **Furthermore, there are security bugs that can enable a malicious user to break out of the current directory. (for example, `GET /../../../`)**.
 
 Each of these can be addressed individually without much difficulty. You can send the proper mime type header. You can figure how to utilize the client caches. You can take advantage of `path.normalize` to make sure that requests don't break out of the current directory. But why write all that code when you can just use someone else's library?