author: Luke Plant <L.Plant.98@cantab.net> 2012-04-19 15:00:55 +0000
committer: Luke Plant <L.Plant.98@cantab.net> 2012-04-19 15:00:55 +0000
commit: 718f149bb203d6b3f77bb8126e664054ee90fe7d
tree: 1cc2b54cf35ca33f9e970e419b977d4eabbf9e5b /docs/topics/security.txt
parent: 38d7a3a0fe1960939a73a3d00dd18c0742731ab9
Added more explicit warnings about unconfigured reStructured Text usage in docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17915 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs/topics/security.txt')
-rw-r--r-- docs/topics/security.txt 8
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/topics/security.txt b/docs/topics/security.txt
index 4b393cd1b8..193d0029a4 100644
--- a/docs/topics/security.txt
+++ b/docs/topics/security.txt
@@ -48,6 +48,14 @@ escaping.
You should also be very careful when storing HTML in the database, especially
when that HTML is retrieved and displayed.
+Markup library
+--------------
+
+If you use :mod:`django.contrib.markup`, you need to ensure that the filters are
+only used on trusted input, or that you have correctly configured them to ensure
+they do not allow raw HTML output. See the documentation of that module for more
+information.
+
Cross site request forgery (CSRF) protection
============================================
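
Review bot: the new "Markup library" paragraph is more generic than the warning the commit message describes. It refers to "the filters" and to having "correctly configured them" without naming reStructuredText, without saying which filter is affected, and without saying what configuration stops raw HTML output. A reader of security.txt cannot tell from this text whether their usage is at risk. Consider naming the filter concerned and stating the consequence in this paragraph (raw HTML from untrusted input ending up in the rendered page), and replacing "See the documentation of that module for more information" with a direct cross-reference to the section that holds the configuration instructions. Minor style point: "ensure" appears twice in the first sentence ("you need to ensure that ... to ensure they do not allow"); rewording one of them would read better.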