mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-04 19:08:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Used auto-numbered lists in documentation.

Browse source
This commit is contained in:
François Freitag 2018-11-15 19:54:28 +01:00 committed by Tim Graham
parent cf915cb513
commit 9b15ff08ba
36 changed files with 169 additions and 173 deletions
Download patch file Download diff file Expand all files Collapse all files

4
docs/topics/security.txt
View file

@ -244,7 +244,7 @@ User-uploaded content
validate all user uploaded file content, however, there are some other steps
you can take to mitigate these attacks:
1. One class of attacks can be prevented by always serving user uploaded
#. One class of attacks can be prevented by always serving user uploaded
content from a distinct top-level or second-level domain. This prevents
any exploit blocked by `same-origin policy`_ protections such as cross
site scripting. For example, if your site runs on ``example.com``, you
@ -252,7 +252,7 @@ User-uploaded content
from something like ``usercontent-example.com``. It's *not* sufficient to
serve content from a subdomain like ``usercontent.example.com``.
2. Beyond this, applications may choose to define a whitelist of allowable
#. Beyond this, applications may choose to define a whitelist of allowable
file extensions for user uploaded files and configure the web server
to only serve such files.