diff --git a/Code-Security-Guidelines.md b/Code-Security-Guidelines.md index c624f5e..d9ebc9d 100644 --- a/Code-Security-Guidelines.md +++ b/Code-Security-Guidelines.md @@ -113,4 +113,12 @@ If you're reading or writing to a file and user can somehow control the file pat - Use "File" doctype API wherever possible to create files and read content. File doctype ensures that whatever you're reading and writing belongs to the site. - If it's not possible and you're accepting user input in any way make sure the path is: - not traversing back using /../../ - - In site's folder and not somewhere else. \ No newline at end of file + - In site's folder and not somewhere else. + +Example: + +```python +@frappe.whitelist() +def get_file(path): + return open(path).read() # This allows reading everything on server. +``` \ No newline at end of file
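Review bot: the new `Example:` block shows only the vulnerable pattern (`return open(path).read()`) and never the form the two preceding bullets ask for, so a reader skimming the guidelines can take it as the pattern to copy. Retitle it as the anti-pattern (e.g. `Example of what NOT to do:`) and add the safe counterpart the page itself recommends: read the content through the "File" doctype, or, where that is not possible, resolve the path and reject anything that does not stay inside the site's folder before opening it. The comment `# This allows reading everything on server.` should also say why: the method is `@frappe.whitelist()`-exposed, so `path` is fully caller-controlled and no check ties it to the site. Minor: the hunk still ends with `\ No newline at end of file`; since it touches that last line anyway, it could add the trailing newline.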