diff options
| author | David Smith <39445562+smithdc1@users.noreply.github.com> | 2020-06-17 12:15:56 +0100 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-06-17 13:16:17 +0200 |
| commit | 9b95c3bc090ed01b8e46aca14964e23d5b6469f7 (patch) | |
| tree | 10c9791685ace14e016d4968e83624527810519b /docs | |
| parent | 5ba2dfb9d0043121ae9966855ce468ce1104a626 (diff) | |
[3.1.x] Refs #31670 -- Removed whitelist/blacklist terminology in docs and comments.
Backport of 10df5b71775d8ee98201acb1367266521b17cc00 from master
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/1.1.3.txt | 2 | ||||
| -rw-r--r-- | docs/releases/1.2.4.txt | 2 | ||||
| -rw-r--r-- | docs/spelling_wordlist | 1 | ||||
| -rw-r--r-- | docs/topics/forms/modelforms.txt | 2 | ||||
| -rw-r--r-- | docs/topics/security.txt | 2 |
5 files changed, 4 insertions, 5 deletions
diff --git a/docs/releases/1.1.3.txt b/docs/releases/1.1.3.txt index ed4663e18f..c88d676f7e 100644 --- a/docs/releases/1.1.3.txt +++ b/docs/releases/1.1.3.txt @@ -45,6 +45,6 @@ password hashes. To remedy this, ``django.contrib.admin`` will now validate that querystring lookup arguments either specify only fields on the model being viewed, or cross relations which have been explicitly -whitelisted by the application developer using the pre-existing +allowed by the application developer using the pre-existing mechanism mentioned above. This is backwards-incompatible for any users relying on the prior ability to insert arbitrary lookups. diff --git a/docs/releases/1.2.4.txt b/docs/releases/1.2.4.txt index ea0b9a5abc..26a67d9d1e 100644 --- a/docs/releases/1.2.4.txt +++ b/docs/releases/1.2.4.txt @@ -45,7 +45,7 @@ password hashes. To remedy this, ``django.contrib.admin`` will now validate that querystring lookup arguments either specify only fields on the model being viewed, or cross relations which have been explicitly -whitelisted by the application developer using the pre-existing +allowed by the application developer using the pre-existing mechanism mentioned above. This is backwards-incompatible for any users relying on the prior ability to insert arbitrary lookups. diff --git a/docs/spelling_wordlist b/docs/spelling_wordlist index 791309cfaf..ba9e73f100 100644 --- a/docs/spelling_wordlist +++ b/docs/spelling_wordlist @@ -782,7 +782,6 @@ viewable virtualized Weblog whitelist -whitelisted whitespace whitespaces whizbang diff --git a/docs/topics/forms/modelforms.txt b/docs/topics/forms/modelforms.txt index c3e6e5c99e..d1ace729e4 100644 --- a/docs/topics/forms/modelforms.txt +++ b/docs/topics/forms/modelforms.txt @@ -420,7 +420,7 @@ fields, especially when new fields are added to a model. Depending on how the form is rendered, the problem may not even be visible on the web page. The alternative approach would be to include all fields automatically, or -blacklist only some. This fundamental approach is known to be much less secure +remove only some. This fundamental approach is known to be much less secure and has led to serious exploits on major websites (e.g. `GitHub <https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation>`_). diff --git a/docs/topics/security.txt b/docs/topics/security.txt index 426c33d035..fe692cad2a 100644 --- a/docs/topics/security.txt +++ b/docs/topics/security.txt @@ -261,7 +261,7 @@ User-uploaded content from something like ``usercontent-example.com``. It's *not* sufficient to serve content from a subdomain like ``usercontent.example.com``. - #. Beyond this, applications may choose to define a whitelist of allowable + #. Beyond this, applications may choose to define a list of allowable file extensions for user uploaded files and configure the web server to only serve such files. |
