diff options
| author | David Smith <39445562+smithdc1@users.noreply.github.com> | 2020-06-17 12:15:56 +0100 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-06-17 13:16:17 +0200 |
| commit | 9b95c3bc090ed01b8e46aca14964e23d5b6469f7 (patch) | |
| tree | 10c9791685ace14e016d4968e83624527810519b /docs/topics | |
| parent | 5ba2dfb9d0043121ae9966855ce468ce1104a626 (diff) | |
[3.1.x] Refs #31670 -- Removed whitelist/blacklist terminology in docs and comments.
Backport of 10df5b71775d8ee98201acb1367266521b17cc00 from master
Diffstat (limited to 'docs/topics')
| -rw-r--r-- | docs/topics/forms/modelforms.txt | 2 | ||||
| -rw-r--r-- | docs/topics/security.txt | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/docs/topics/forms/modelforms.txt b/docs/topics/forms/modelforms.txt index c3e6e5c99e..d1ace729e4 100644 --- a/docs/topics/forms/modelforms.txt +++ b/docs/topics/forms/modelforms.txt @@ -420,7 +420,7 @@ fields, especially when new fields are added to a model. Depending on how the form is rendered, the problem may not even be visible on the web page. The alternative approach would be to include all fields automatically, or -blacklist only some. This fundamental approach is known to be much less secure +remove only some. This fundamental approach is known to be much less secure and has led to serious exploits on major websites (e.g. `GitHub <https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation>`_). diff --git a/docs/topics/security.txt b/docs/topics/security.txt index 426c33d035..fe692cad2a 100644 --- a/docs/topics/security.txt +++ b/docs/topics/security.txt @@ -261,7 +261,7 @@ User-uploaded content from something like ``usercontent-example.com``. It's *not* sufficient to serve content from a subdomain like ``usercontent.example.com``. - #. Beyond this, applications may choose to define a whitelist of allowable + #. Beyond this, applications may choose to define a list of allowable file extensions for user uploaded files and configure the web server to only serve such files. |
