author | Tim Graham <timograham@gmail.com> | 2014-03-21 07:05:36 -0400 |
---|---|---|
committer | Tim Graham <timograham@gmail.com> | 2014-03-21 07:05:36 -0400 |
commit | aa93a1890f25cbd43bfab0b6684915d8b3c42702 (patch) | |
tree | 57e3a7a5777b6fbfb9fcd0056255d7933dbaa9bf /docs/releases/1.4.6.txt | |
parent | 35f46ec7a99291a560e374183ab4feba2a5c679a (diff) | |
Removed contrib.comments per deprecation timeline.
Diffstat (limited to 'docs/releases/1.4.6.txt')
-rw-r--r-- | docs/releases/1.4.6.txt | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/docs/releases/1.4.6.txt b/docs/releases/1.4.6.txt index cac640ad97..e6ed040c42 100644 --- a/docs/releases/1.4.6.txt +++ b/docs/releases/1.4.6.txt @@ -13,7 +13,7 @@ Mitigated possible XSS attack via user-supplied redirect URLs ------------------------------------------------------------- Django relies on user input in some cases (e.g. -:func:`django.contrib.auth.views.login`, :mod:`django.contrib.comments`, and +:func:`django.contrib.auth.views.login`, ``django.contrib.comments``, and :doc:`i18n </topics/i18n/index>`) to redirect the user to an "on success" URL. The security checks for these redirects (namely ``django.util.http.is_safe_url()``) didn't check if the scheme is ``http(s)`` |
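Review bot: The unchanged context line at the end of this hunk names the helper as ``django.util.http.is_safe_url()``, but the module is `django.utils.http`; since this paragraph is being touched anyway, correct it to ``django.utils.http.is_safe_url()`` here or in a follow-up so readers searching for the security check find the right function. The switch from the `:mod:` role to a plain literal for `django.contrib.comments` matches the commit message, because the cross-reference would have no target once the package is removed.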