mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

Fixed typo in path to is_safe_url()

Browse Source
This commit is contained in:
Tim Graham
2015-02-20 09:20:38 -05:00
parent d28bcba209
commit dd0b487872
8 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/releases/1.4.18.txt
View File

@@ -37,7 +37,7 @@ Mitigated possible XSS attack via user-supplied redirect URLs
Django relies on user input in some cases (e.g.
:func:`django.contrib.auth.views.login` and :doc:`i18n </topics/i18n/index>`)
to redirect the user to an "on success" URL. The security checks for these
redirects (namely ``django.util.http.is_safe_url()``) didn't strip leading
redirects (namely ``django.utils.http.is_safe_url()``) didn't strip leading
whitespace on the tested URL and as such considered URLs like
``\njavascript:...`` safe. If a developer relied on ``is_safe_url()`` to
provide safe redirect targets and put such a URL into a link, they could suffer