diff --git a/docs/installation.rst b/docs/installation.rst index 34f4e160..a7ef0021 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -162,8 +162,8 @@ and :command:`python` which will run those things, but this might not automatica on Windows, because it doesn't know where those executables are (give either a try!). To fix this, you should be able to navigate to your Python install directory -(e.g ``C:\Python27``), then go to ``Tools``, then ``Scripts``; then find the -``win_add2path.py`` file and run that. Open a **new** Command Prompt and +(e.g :file:`C:\Python27`), then go to :file:`Tools`, then :file:`Scripts`; then find the +:file:`win_add2path.py` file and run that. Open a **new** Command Prompt and check that you can now just type :command:`python` to bring up the interpreter. Finally, to install `virtualenv`_, you can simply run:: diff --git a/docs/security.rst b/docs/security.rst index d1920f3a..55ac91fe 100644 --- a/docs/security.rst +++ b/docs/security.rst @@ -25,7 +25,7 @@ careful: - generating HTML without the help of Jinja2 - calling :class:`~flask.Markup` on data submitted by users - sending out HTML from uploaded files, never do that, use the - `Content-Disposition: attachment` header to prevent that problem. + ``Content-Disposition: attachment`` header to prevent that problem. - sending out textfiles from uploaded files. Some browsers are using content-type guessing based on the first few bytes so users could trick a browser to execute HTML. @@ -71,7 +71,7 @@ application's users with social engineering to do stupid things without them knowing. Say you have a specific URL that, when you sent ``POST`` requests to will -delete a user's profile (say `http://example.com/user/delete`). If an +delete a user's profile (say ``http://example.com/user/delete``). If an attacker now creates a page that sends a post request to that page with some JavaScript they just has to trick some users to load that page and their profiles will end up being deleted.