mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-23 21:59:11 +00:00
Code Issues 32 Releases Wiki Activity

Added more explicit warnings about unconfigured reStructured Text usage in docs.

Browse Source 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17915 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Luke Plant
2012-04-19 15:00:55 +00:00
parent 38d7a3a0fe
commit 718f149bb2
2 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
docs/ref/contrib/markup.txt
View File

@@ -46,6 +46,15 @@ When using the ``restructuredtext`` markup filter you can define a
override the default writer settings. See the `restructuredtext writer
settings`_ for details on what these settings are.
.. warning::
reStructured Text has features that allow raw HTML to be included, and that
allow arbitrary files to be included. These can lead to XSS vulnerabilities
and leaking of private information. It is your responsibility to check the
features of this library and configure appropriately to avoid this. See the
`Deploying Docutils Securely
<http://docutils.sourceforge.net/docs/howto/security.html>`_ documentation.
.. _restructuredtext writer settings: http://docutils.sourceforge.net/docs/user/config.html#html4css1-writer
Markdown