From 4671429a509094f36e2294055340197091d39979 Mon Sep 17 00:00:00 2001 From: Armin Ronacher Date: Sun, 11 Apr 2010 03:41:01 +0200 Subject: [PATCH] Added a security section to the foreword and a footnote to the g variable --- docs/_themes/flasky/static/flasky.css_t | 12 ++++++++++- docs/foreword.rst | 28 +++++++++++++++++++++++++ docs/patterns.rst | 2 ++ docs/quickstart.rst | 9 ++++++-- 4 files changed, 48 insertions(+), 3 deletions(-) diff --git a/docs/_themes/flasky/static/flasky.css_t b/docs/_themes/flasky/static/flasky.css_t index b77f3c30..15495a06 100644 --- a/docs/_themes/flasky/static/flasky.css_t +++ b/docs/_themes/flasky/static/flasky.css_t @@ -243,12 +243,18 @@ table.docutils td, table.docutils th { padding: 0.25em 0.7em; } -table.field-list { +table.field-list, table.footnote { border: none; -webkit-box-shadow: none; -moz-box-shadow: none; } +table.footnote { + border: 1px solid #eee; + -webkit-box-shadow: 1px 1px 1px #d8d8d8; + -moz-box-shadow: 1px 1px 1px #d8d8d8; +} + table.field-list th { padding: 0 0.8em 0 0; } @@ -256,6 +262,10 @@ table.field-list th { table.field-list td { padding: 0; } + +table.footnote td { + padding: 0.5em; +} pre { background: #FDFDFD; diff --git a/docs/foreword.rst b/docs/foreword.rst index 580cf37d..6b40921f 100644 --- a/docs/foreword.rst +++ b/docs/foreword.rst 
@@ -45,6 +45,34 @@ framework. Flask itself is just one way to implement a framework on top of existing libraries. Unlike many other microframeworks Flask does not try to implement anything on its own, it reuses existing code. +Web Development is Dangerous +---------------------------- + +I'm not even joking. Well, maybe a little. If you write a web +application you are probably allowing users to register and leave their +data on your server. The users are entrusting you with data. And even if +you are the only user that might leave data in your application, you still +want that data to be stored in a secure manner. + +Unfortunately there are many ways security of a web application can be +compromised. Flask protects you against one of the most common security +problems of modern web applications: cross site scripting (XSS). Unless +you deliberately mark insecure HTML as secure Flask (and the underlying +Jinja2 template engine) have you covered. But there are many more ways to +cause security problems. + +Whenever something is dangerous where you have to watch out, the +documentation will tell you so. Some of the security concerns of web +development are far more complex than one might think and often we all end +up in situations where we think "well, this is just far fetched, how could +that possibly be exploited" and then an intelligent guy comes along and +figures a way out to exploit that application. And don't think, your +application is not important enough for hackers to take notice. Depending +ont he kind of attack, chances are there are automated botnets out there +trying to figure out how to fill your database with viagra adverisments. + +So always keep that in mind when doing web development. + Target Audience --------------- diff --git a/docs/patterns.rst b/docs/patterns.rst index 3809f754..c7b4769a 100644 --- a/docs/patterns.rst +++ b/docs/patterns.rst 
@@ -16,6 +16,8 @@ In Flask you can implement such things with the special :class:`~flask.g` object. +.. _database-pattern: + Using SQLite 3 with Flask ------------------------- diff --git a/docs/quickstart.rst b/docs/quickstart.rst index e6f2e153..de8ce039 100644 --- a/docs/quickstart.rst +++ b/docs/quickstart.rst @@ -313,8 +313,8 @@ Here an example template: {% endif %} Inside templates you also have access to the :class:`~flask.request`, -:class:`~flask.session` and :class:`~flask.g` objects as well as the -:func:`~flask.get_flashed_messages` function. +:class:`~flask.session` and :class:`~flask.g` [#]_ objects +as well as the :func:`~flask.get_flashed_messages` function. Templates are especially useful if inheritance is used. If you want to know how that works, head over to the :ref:`template-inheritance` pattern @@ -338,6 +338,11 @@ Markup(u'<blink>hacker</blink>') >>> Markup('Marked up » HTML').striptags() u'Marked up \xbb HTML' +.. [#] Unsure what that :class:`~flask.g` object is? It's something you + can store information on yourself, check the documentation of that + object (:class:`~flask.g`) and the :ref:`database-pattern` for more + information. + Accessing Request Data ----------------------
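Review bot: in the first `flasky.css_t` hunk (`@@ -243,12 +243,18 @@`), adding `table.footnote` to the `table.field-list` selector is redundant: the new `table.footnote { ... }` rule directly below overrides all three declarations it would inherit (`border: none;` and the two `box-shadow: none;` lines) with `border: 1px solid #eee;` and the `1px 1px 1px #d8d8d8` shadows. Either drop `table.footnote` from the shared selector or drop the overriding rule; keeping both reads as if the footnote table were meant to be borderless.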
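Review bot: the `docs/foreword.rst` hunk has several typos and one claim that should be narrowed before it lands. Typos: "ont he kind of attack" should be "on the kind of attack", "viagra adverisments" should be "viagra advertisements", "figures a way out to exploit" should be "figures out a way to exploit", and "And don't think, your application is not important enough" should lose the comma. On substance, "Flask protects you against one of the most common security problems of modern web applications: cross site scripting (XSS)" overstates what the following sentence actually describes; the protection is Jinja2's escaping of template output, which the text itself says is switched off whenever you "deliberately mark insecure HTML as secure" (as the `Markup(...)` examples in the quickstart hunk do). Suggest rewording to say that Flask and Jinja2 escape template output by default and that HTML you explicitly mark as safe, or build outside the template engine, gets no such protection, so the reader does not come away thinking XSS is handled for them in every context.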
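Review bot: in the second `docs/quickstart.rst` hunk (`@@ -338,6 +338,11 @@`), the new footnote links `:class:`~flask.g`` twice in two lines, once in "Unsure what that :class:`~flask.g` object is?" and again in "(:class:`~flask.g`)", and "It's something you can store information on yourself" reads awkwardly. Suggest collapsing it to something like "Unsure what that :class:`~flask.g` object is? It is an object you can store your own information on; see its documentation and the :ref:`database-pattern` for details." Also note that reStructuredText renders an auto-numbered `.. [#]` footnote where it is defined, so as placed this one appears between the `Markup` doctest and the "Accessing Request Data" heading rather than at the end of the page; if that is not intended, move the definition to the bottom of the file.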