
Added a security section to the foreword and a footnote to the g variable
pull/1638/head
Armin Ronacher 15 years ago
parent
commit
4671429a50
  1. docs/_themes/flasky/static/flasky.css_t (12 lines changed)
  2. docs/foreword.rst (28 lines changed)
  3. docs/patterns.rst (2 lines changed)
  4. docs/quickstart.rst (9 lines changed)

docs/_themes/flasky/static/flasky.css_t (vendored, 12 lines changed)

@ -243,12 +243,18 @@ table.docutils td, table.docutils th {
padding: 0.25em 0.7em; padding: 0.25em 0.7em;
} }
table.field-list { table.field-list, table.footnote {
border: none; border: none;
-webkit-box-shadow: none; -webkit-box-shadow: none;
-moz-box-shadow: none; -moz-box-shadow: none;
} }
table.footnote {
border: 1px solid #eee;
-webkit-box-shadow: 1px 1px 1px #d8d8d8;
-moz-box-shadow: 1px 1px 1px #d8d8d8;
}
table.field-list th { table.field-list th {
padding: 0 0.8em 0 0; padding: 0 0.8em 0 0;
} }
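Review bot: the new grouped selector `table.field-list, table.footnote { border: none; -webkit-box-shadow: none; -moz-box-shadow: none; }` is immediately contradicted for footnotes by the block that follows it, which sets `border: 1px solid #eee` and a `1px 1px 1px #d8d8d8` shadow on `table.footnote`; the grouping buys nothing and makes the footnote style read as the opposite of what it ends up being. Suggest leaving `table.field-list` alone and putting the complete `table.footnote` rule set in one place. Separately, both blocks only carry the `-webkit-` and `-moz-` prefixed `box-shadow` properties with no unprefixed `box-shadow`, so browsers that ship the standard property without the prefix render no shadow at all.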
@ -256,6 +262,10 @@ table.field-list th {
table.field-list td { table.field-list td {
padding: 0; padding: 0;
} }
table.footnote td {
padding: 0.5em;
}
pre { pre {
background: #FDFDFD; background: #FDFDFD;

docs/foreword.rst (28 lines changed)

@ -45,6 +45,34 @@ framework. Flask itself is just one way to implement a framework on top
of existing libraries. Unlike many other microframeworks Flask does not of existing libraries. Unlike many other microframeworks Flask does not
try to implement anything on its own, it reuses existing code. try to implement anything on its own, it reuses existing code.
Web Development is Dangerous
----------------------------
I'm not even joking. Well, maybe a little. If you write a web
application you are probably allowing users to register and leave their
data on your server. The users are entrusting you with data. And even if
you are the only user that might leave data in your application, you still
want that data to be stored in a secure manner.
Unfortunately there are many ways security of a web application can be
compromised. Flask protects you against one of the most common security
problems of modern web applications: cross site scripting (XSS). Unless
you deliberately mark insecure HTML as secure Flask (and the underlying
Jinja2 template engine) have you covered. But there are many more ways to
cause security problems.
Whenever something is dangerous where you have to watch out, the
documentation will tell you so. Some of the security concerns of web
development are far more complex than one might think and often we all end
up in situations where we think "well, this is just far fetched, how could
that possibly be exploited" and then an intelligent guy comes along and
figures a way out to exploit that application. And don't think, your
application is not important enough for hackers to take notice. Depending
ont he kind of attack, chances are there are automated botnets out there
trying to figure out how to fill your database with viagra adverisments.
So always keep that in mind when doing web development.
Target Audience Target Audience
--------------- ---------------
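Review bot: the XSS claim is worded more broadly than the mechanism behind it supports: "Unless you deliberately mark insecure HTML as secure Flask (and the underlying Jinja2 template engine) have you covered" describes Jinja2 autoescaping, which only applies to values interpolated into templates, and escaping alone does not make values safe in every context (attribute and script contexts need more care). Suggest naming the mechanism and its scope, for example "Flask and the underlying Jinja2 template engine escape values rendered in templates for you, unless you deliberately mark a string as safe." The same hunk has several typos that should be fixed before merge: "ont he" should be "on the", "adverisments" should be "advertisements", "figures a way out to exploit" should be "figures out a way to exploit", and a comma is needed after "as secure" so that "Flask" starts the main clause.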

docs/patterns.rst (2 lines changed)

@ -16,6 +16,8 @@ In Flask you can implement such things with the
special :class:`~flask.g` object. special :class:`~flask.g` object.
.. _database-pattern:
Using SQLite 3 with Flask Using SQLite 3 with Flask
------------------------- -------------------------

docs/quickstart.rst (9 lines changed)

@ -313,8 +313,8 @@ Here an example template:
{% endif %} {% endif %}
Inside templates you also have access to the :class:`~flask.request`, Inside templates you also have access to the :class:`~flask.request`,
:class:`~flask.session` and :class:`~flask.g` objects as well as the :class:`~flask.session` and :class:`~flask.g` [#]_ objects
:func:`~flask.get_flashed_messages` function. as well as the :func:`~flask.get_flashed_messages` function.
Templates are especially useful if inheritance is used. If you want to Templates are especially useful if inheritance is used. If you want to
know how that works, head over to the :ref:`template-inheritance` pattern know how that works, head over to the :ref:`template-inheritance` pattern
@ -338,6 +338,11 @@ Markup(u'<blink>hacker</blink>')
>>> Markup('<em>Marked up</em> &raquo; HTML').striptags() >>> Markup('<em>Marked up</em> &raquo; HTML').striptags()
u'Marked up \xbb HTML' u'Marked up \xbb HTML'
.. [#] Unsure what that :class:`~flask.g` object is? It's something you
can store information on yourself, check the documentation of that
object (:class:`~flask.g`) and the :ref:`database-pattern` for more
information.
Accessing Request Data Accessing Request Data
---------------------- ----------------------
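Review bot: the footnote does not answer the question it poses. "It's something you can store information on yourself" says nothing about when `g` exists or how long data stored on it lives, which is exactly what a reader who is unsure about `g` needs; suggest stating its lifetime (data on it is only there for the request being handled) and pointing out that the linked SQLite pattern uses it to hold the database connection. The sentence also needs a grammar pass: "It's an object on which you can store information yourself; check the documentation of that object and the :ref:`database-pattern` for more information." The parenthetical `(:class:`~flask.g`)` after "that object" is redundant, since the same role already appears at the start of the footnote.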
