mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

Removed gender-based pronouns per [c0a2daad78].

Browse Source
This commit is contained in:
Tim Graham
2013-11-30 08:37:15 -05:00
parent c0a2daad78
commit f3e7ab366c
12 changed files with 19 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/releases/1.5.2.txt
View File

@@ -16,7 +16,7 @@ The security checks for these redirects (namely
``django.util.http.is_safe_url()``) didn't check if the scheme is ``http(s)``
and as such allowed ``javascript:...`` URLs to be entered. If a developer
relied on ``is_safe_url()`` to provide safe redirect targets and put such a
URL into a link, he or she could suffer from a XSS attack. This bug doesn't affect
URL into a link, they could suffer from a XSS attack. This bug doesn't affect
Django currently, since we only put this URL into the ``Location`` response
header and browsers seem to ignore JavaScript there.