Diffstat (limited to 'docs/ref')
-rw-r--r--docs/ref/contrib/flatpages.txt7
1 files changed, 7 insertions, 0 deletions
diff --git a/docs/ref/contrib/flatpages.txt b/docs/ref/contrib/flatpages.txt
index d68257bfd1..c82fb5de85 100644
--- a/docs/ref/contrib/flatpages.txt
+++ b/docs/ref/contrib/flatpages.txt
@@ -164,6 +164,13 @@ For more on middleware, read the :doc:`middleware docs
How to add, change and delete flatpages
=======================================
+.. warning::
+
+ Permissions to add or edit flatpages should be restricted to trusted users.
+ Flatpages are defined by raw HTML and are **not sanitized** by Django. As a
+ consequence, a malicious flatpage can lead to various security
+ vulnerabilities, including permission escalation.
+
.. _flatpages-admin:
Via the admin interface
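Review bot: the new warning names the risk but not the control, so a reader is left to guess which permissions "should be restricted" and where. Suggest stating that the add and change permissions on the flatpage model (the ones granted to staff users in the admin) are the ones to restrict, and that the same applies to any custom form or view that lets users write flatpage content, since the admin path described in the section below is only one way in. It would also help to spell out, in one sentence, why "permission escalation" follows from unsanitized HTML: the markup is rendered as-is to every visitor, so script placed in a flatpage runs in the browser session of whoever views it, staff included. Minor wording: "various security vulnerabilities, including permission escalation" is vague; "cross-site scripting, which an attacker can use to act with the privileges of a staff user who views the page" says what the docs mean.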