#5882: Cross-site scripting not mentioned in the tutorial
----------------------------------------+-----------------------------------
   Reporter:  [EMAIL PROTECTED]       |                Owner:  nobody       
     Status:  reopened                  |            Component:  Documentation
    Version:  SVN                       |           Resolution:               
   Keywords:  xss cross-site-scripting  |                Stage:  Unreviewed   
  Has_patch:  0                         |           Needs_docs:  0            
Needs_tests:  0                         |   Needs_better_patch:  0            
----------------------------------------+-----------------------------------
Changes (by [EMAIL PROTECTED]):

  * status:  closed => reopened
  * resolution:  invalid =>

Comment:

 You probably wanted to attach the response to ticket 5880. This ticket is
 about documentation, not admin.

 In the examples in the tutorial, the "escape" function is not mentioned.
 This makes the readers believe that just including the raw text into the
 HTML code is the right way to do it.

 None of the three following pages has the word "escape" in it:
 http://www.djangoproject.com/documentation/tutorial01/
 http://www.djangoproject.com/documentation/tutorial02/
 http://www.djangoproject.com/documentation/tutorial03/

-- 
Ticket URL: <http://code.djangoproject.com/ticket/5882#comment:2>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
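
The point raised in this ticket, shown as an added example that is not part of the original message or of the Django tutorial: user-supplied poll text placed into HTML raw versus escaped, with a parser check for markup the template author never wrote. Python's standard-library `html.escape` stands in for the "escape" function the comment refers to; the poll data, template strings and helper names are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample: a poll whose text fields were typed in by a user.
POLL = {
    "question": 'Best <b>framework</b>?<script>alert("xss")</script>',
    "choices": ["Django", '"><img src=x onerror=alert(1)>'],
}
PAGE = "<h1>{question}</h1><ul>{items}</ul>"
ITEM = '<li><input type="radio" name="choice" value="{c}"> {c}</li>'

def render(poll, esc):
    """Fill the fragment, passing every user-supplied value through esc."""
    items = "".join(ITEM.format(c=esc(c)) for c in poll["choices"])
    return PAGE.format(question=esc(poll["question"]), items=items)

def render_raw(poll):
    return render(poll, lambda s: s)  # what a template without escaping does

def render_escaped(poll):
    return render(poll, lambda s: html.escape(s, quote=True))

class TagCollector(HTMLParser):
    """Records each start tag a parser sees, with its attribute names."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, tuple(name for name, _ in attrs)))

def tags_in(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

def injected_tags(renderer, poll):
    """Tags in the output that the template author never wrote."""
    benign = {"question": "q", "choices": ["c"] * len(poll["choices"])}
    expected = tags_in(renderer(benign))
    return [t for t in tags_in(renderer(poll)) if t not in expected]

if __name__ == "__main__":
    print("raw:    ", injected_tags(render_raw, POLL))
    print("escaped:", injected_tags(render_escaped, POLL))
```

The same comparison works as a regression test for any view: render once with benign data and once with markup-laden data, and require the tag structure to be identical.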