Fixed #25212 -- Documented the RawSQL expression.

author: Tim Graham <timograham@gmail.com> 2015-08-03 16:27:49 -0400
committer: Tim Graham <timograham@gmail.com> 2015-08-05 07:54:54 -0400
commit: 97fa7fe961f961b6c93a11b50a7a1ed35c8bce8d (patch)
tree: 9d20093aa440f3f7f73d9da7c6d4a476a4424515 /docs/topics/security.txt
parent: 28cb272a7279e6dfc4d5c53838ebf7343c3e66b5 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/docs/topics/security.txt b/docs/topics/security.txt
index 6eab39efed..3d535bb85e 100644
--- a/docs/topics/security.txt
+++ b/docs/topics/security.txt
@@ -94,7 +94,8 @@ write :ref:`raw queries <executing-raw-queries>` or execute
 :ref:`custom sql <executing-custom-sql>`. These capabilities should be used
 sparingly and you should always be careful to properly escape any parameters
 that the user can control. In addition, you should exercise caution when using
-:meth:`extra() <django.db.models.query.QuerySet.extra>`.
+:meth:`~django.db.models.query.QuerySet.extra` and
+:class:`~django.db.models.expressions.RawSQL`.
 
 Clickjacking protection
 =======================
author	Tim Graham <timograham@gmail.com>	2015-08-03 16:27:49 -0400
committer	Tim Graham <timograham@gmail.com>	2015-08-05 07:54:54 -0400
commit	97fa7fe961f961b6c93a11b50a7a1ed35c8bce8d (patch)
tree	9d20093aa440f3f7f73d9da7c6d4a476a4424515 /docs/topics/security.txt
parent	28cb272a7279e6dfc4d5c53838ebf7343c3e66b5 (diff)