author: Tim Graham <timograham@gmail.com> 2014-04-25 10:27:13 -0400
committer: Tim Graham <timograham@gmail.com> 2014-04-25 10:29:24 -0400
commit: e9c78435ab9cfd27d0815c244c9a1feb08cc18d1
tree: 374c1dfff432c248545cdadee7d3d67a50e47bbb
parent: 2b0e9aa57d4c5b5dbad7d300b4e383d384941034
[1.6.x] Fixed #22504 -- Corrected domain terminology in security guide.
Thanks chris at chrullrich.net. Backport of f65eb15ac6 from master
docs/topics/security.txt | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/docs/topics/security.txt b/docs/topics/security.txt
index 5fd62eb694..b30d340b02 100644
--- a/docs/topics/security.txt
+++ b/docs/topics/security.txt
@@ -237,11 +237,11 @@ User-uploaded content
you can take to mitigate these attacks:
1. One class of attacks can be prevented by always serving user uploaded
- content from a distinct Top Level Domain (TLD). This prevents any
- exploit blocked by `same-origin policy`_ protections such as cross site
- scripting. For example, if your site runs on ``example.com``, you would
- want to serve uploaded content (the :setting:`MEDIA_URL` setting) from
- something like ``usercontent-example.com``. It's *not* sufficient to
+ content from a distinct top-level or second-level domain. This prevents
+ any exploit blocked by `same-origin policy`_ protections such as cross
+ site scripting. For example, if your site runs on ``example.com``, you
+ would want to serve uploaded content (the :setting:`MEDIA_URL` setting)
+ from something like ``usercontent-example.com``. It's *not* sufficient to
serve content from a subdomain like ``usercontent.example.com``.
2. Beyond this, applications may choose to define a whitelist of allowable
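Review bot: the replacement wording "a distinct top-level or second-level domain" is still an imprecise criterion, and the example kept in the same lines (``usercontent-example.com`` beside ``example.com``) differs at the second level only, so "top-level" does no work there. The property the paragraph actually needs is a separate registrable domain (a different public-suffix-plus-one), because that is the boundary a ``Domain=`` cookie attribute or a relaxed ``document.domain`` can reach across; consider stating it that way, e.g. "from a completely separate domain (not merely a subdomain of your site), such as ``usercontent-example.com``". That also supplies the missing reason for the unchanged closing sentence, "It's *not* sufficient to serve content from a subdomain like ``usercontent.example.com``": the same-origin policy already treats a subdomain as a different origin, so the residual risk with a subdomain is cookie scope and ``document.domain`` relaxation rather than the same-origin policy the sentence before it names. Minor: "This prevents any exploit blocked by `same-origin policy`_ protections" reads as if the exploits were already blocked; "This ensures the `same-origin policy`_ blocks attacks such as cross site scripting" says what is meant.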