diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/1.1.3.txt | 2 | ||||
| -rw-r--r-- | docs/releases/1.2.4.txt | 2 | ||||
| -rw-r--r-- | docs/spelling_wordlist | 1 | ||||
| -rw-r--r-- | docs/topics/forms/modelforms.txt | 2 | ||||
| -rw-r--r-- | docs/topics/security.txt | 2 |
5 files changed, 4 insertions, 5 deletions
diff --git a/docs/releases/1.1.3.txt b/docs/releases/1.1.3.txt index ed4663e18f..c88d676f7e 100644 --- a/docs/releases/1.1.3.txt +++ b/docs/releases/1.1.3.txt @@ -45,6 +45,6 @@ password hashes. To remedy this, ``django.contrib.admin`` will now validate that querystring lookup arguments either specify only fields on the model being viewed, or cross relations which have been explicitly -whitelisted by the application developer using the pre-existing +allowed by the application developer using the pre-existing mechanism mentioned above. This is backwards-incompatible for any users relying on the prior ability to insert arbitrary lookups. diff --git a/docs/releases/1.2.4.txt b/docs/releases/1.2.4.txt index ea0b9a5abc..26a67d9d1e 100644 --- a/docs/releases/1.2.4.txt +++ b/docs/releases/1.2.4.txt @@ -45,7 +45,7 @@ password hashes. To remedy this, ``django.contrib.admin`` will now validate that querystring lookup arguments either specify only fields on the model being viewed, or cross relations which have been explicitly -whitelisted by the application developer using the pre-existing +allowed by the application developer using the pre-existing mechanism mentioned above. This is backwards-incompatible for any users relying on the prior ability to insert arbitrary lookups. diff --git a/docs/spelling_wordlist b/docs/spelling_wordlist index 791309cfaf..ba9e73f100 100644 --- a/docs/spelling_wordlist +++ b/docs/spelling_wordlist @@ -782,7 +782,6 @@ viewable virtualized Weblog whitelist -whitelisted whitespace whitespaces whizbang diff --git a/docs/topics/forms/modelforms.txt b/docs/topics/forms/modelforms.txt index c3e6e5c99e..d1ace729e4 100644 --- a/docs/topics/forms/modelforms.txt +++ b/docs/topics/forms/modelforms.txt @@ -420,7 +420,7 @@ fields, especially when new fields are added to a model. Depending on how the form is rendered, the problem may not even be visible on the web page. The alternative approach would be to include all fields automatically, or -blacklist only some. This fundamental approach is known to be much less secure +remove only some. This fundamental approach is known to be much less secure and has led to serious exploits on major websites (e.g. `GitHub <https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation>`_). diff --git a/docs/topics/security.txt b/docs/topics/security.txt index 426c33d035..fe692cad2a 100644 --- a/docs/topics/security.txt +++ b/docs/topics/security.txt @@ -261,7 +261,7 @@ User-uploaded content from something like ``usercontent-example.com``. It's *not* sufficient to serve content from a subdomain like ``usercontent.example.com``. - #. Beyond this, applications may choose to define a whitelist of allowable + #. Beyond this, applications may choose to define a list of allowable file extensions for user uploaded files and configure the web server to only serve such files. |
