mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

[3.1.x] Refs #31670 -- Removed whitelist/blacklist terminology in docs and comments.

Browse Source 
Backport of 10df5b7177 from master
This commit is contained in:
David Smith
2020-06-17 12:15:56 +01:00
committed by Mariusz Felisiak
parent 5ba2dfb9d0
commit 9b95c3bc09
7 changed files with 6 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/releases/1.1.3.txt
View File

@@ -45,6 +45,6 @@ password hashes.
To remedy this, ``django.contrib.admin`` will now validate that
querystring lookup arguments either specify only fields on the model
being viewed, or cross relations which have been explicitly
whitelisted by the application developer using the pre-existing
allowed by the application developer using the pre-existing
mechanism mentioned above. This is backwards-incompatible for any
users relying on the prior ability to insert arbitrary lookups.

2
docs/releases/1.2.4.txt
View File

@@ -45,7 +45,7 @@ password hashes.
To remedy this, ``django.contrib.admin`` will now validate that
querystring lookup arguments either specify only fields on the model
being viewed, or cross relations which have been explicitly
whitelisted by the application developer using the pre-existing
allowed by the application developer using the pre-existing
mechanism mentioned above. This is backwards-incompatible for any
users relying on the prior ability to insert arbitrary lookups.

1
docs/spelling_wordlist
View File

@@ -782,7 +782,6 @@ viewable
virtualized
Weblog
whitelist
whitelisted
whitespace
whitespaces
whizbang

2
docs/topics/forms/modelforms.txt
View File

@@ -420,7 +420,7 @@ fields, especially when new fields are added to a model. Depending on how the
form is rendered, the problem may not even be visible on the web page.
The alternative approach would be to include all fields automatically, or
blacklist only some. This fundamental approach is known to be much less secure
remove only some. This fundamental approach is known to be much less secure
and has led to serious exploits on major websites (e.g. `GitHub
<https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation>`_).

2
docs/topics/security.txt
View File

@@ -261,7 +261,7 @@ User-uploaded content
from something like ``usercontent-example.com``. It's *not* sufficient to
serve content from a subdomain like ``usercontent.example.com``.
#. Beyond this, applications may choose to define a whitelist of allowable
#. Beyond this, applications may choose to define a list of allowable
file extensions for user uploaded files and configure the web server
to only serve such files.