diff --git a/aio/content/guide/security.md b/aio/content/guide/security.md index c538a7889e..26b0e135cc 100644 --- a/aio/content/guide/security.md +++ b/aio/content/guide/security.md @@ -189,6 +189,9 @@ contain unsafe methods. In the same way, if you interact with other libraries th the DOM, you likely won't have the same automatic sanitization as with Angular interpolations. Avoid directly interacting with the DOM and instead use Angular templates where possible. +浏览器内置的 DOM API 不会自动保护你免受安全漏洞的侵害。比如 `document`、通过 `ElementRef` 拿到的节点和很多第三方 API,都可能包含不安全的方法。如果你使用能操纵 DOM 的其它库,也同样无法借助像 Angular 插值那样的自动清理功能。 +所以,要避免直接和 DOM 打交道,而是尽可能使用 Angular 模板。 + For cases where this is unavoidable, use the built-in Angular sanitization functions. Sanitize untrusted values with the [DomSanitizer.sanitize](api/platform-browser/DomSanitizer#sanitize) method and the appropriate `SecurityContext`. That function also accepts values that were
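Review bot: the two added lines in this hunk use ASCII half-width commas inside Chinese text (`很多第三方 API,都可能` and `所以,要避免`) where the rest of the sentence uses full-width Chinese punctuation (`。`); switch them to `，` so the translation reads as consistent Chinese typography, e.g. `很多第三方 API，都可能包含不安全的方法` and `所以，要避免直接和 DOM 打交道`. The translation itself tracks the English paragraph that precedes it (browser DOM APIs such as `document`, nodes obtained through `ElementRef`, and third-party APIs are not automatically sanitized; libraries that manipulate the DOM do not get the sanitization that Angular interpolation provides; prefer Angular templates over direct DOM access), and keeping `document`, `ElementRef`, `DOM` and `Angular` untranslated as code identifiers is correct. The split into two physical lines without a blank line between them still renders as a single Markdown paragraph, so no change is needed there; the trailing added blank line before "For cases where this is unavoidable" also preserves the paragraph break with the following English text.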