summaryrefslogtreecommitdiff
path: root/docs/topics/security.txt
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2012-12-25 09:56:22 -0500
committerTim Graham <timograham@gmail.com>2012-12-26 19:10:50 -0500
commitfbc06eef1af1d7ecf91fae5a94a1994f356ffd22 (patch)
tree0d45acf4eecae06ddc205ffc8b23b11dcb4896b9 /docs/topics/security.txt
parente2396bf1220c543ee8d15c7640481889caace61d (diff)
[1.5.X] Fixed broken links, round 3. refs #19516
Backport of b3a8c9dab8 from master
Diffstat (limited to 'docs/topics/security.txt')
-rw-r--r--docs/topics/security.txt6
1 files changed, 3 insertions, 3 deletions
diff --git a/docs/topics/security.txt b/docs/topics/security.txt
index 169f9ac773..9c4c4bbd9e 100644
--- a/docs/topics/security.txt
+++ b/docs/topics/security.txt
@@ -38,7 +38,7 @@ in unauthorized JavaScript execution, depending on how the browser renders
imperfect HTML.
It is also important to be particularly careful when using ``is_safe`` with
-custom template tags, the :ttag:`safe` template tag, :mod:`mark_safe
+custom template tags, the :tfilter:`safe` template tag, :mod:`mark_safe
<django.utils.safestring>`, and when autoescape is turned off.
In addition, if you are using the template system to output something other
@@ -76,8 +76,8 @@ POST to your Web site and have another logged in user unwittingly submit that
form. The malicious user would have to know the nonce, which is user specific
(using a cookie).
-When deployed with :ref:`HTTPS <security-recommendation-ssl>`,
-``CsrfViewMiddleware`` will check that the HTTP referer header is set to a
+When deployed with :ref:`HTTPS <security-recommendation-ssl>`,
+``CsrfViewMiddleware`` will check that the HTTP referer header is set to a
URL on the same origin (including subdomain and port). Because HTTPS
provides additional security, it is imperative to ensure connections use HTTPS
where it is available by forwarding insecure connection requests and using