
docs: ``http://...``

pull/1240/head
defuz 10 years ago
parent
commit
7e157ee589
  1. 4
      docs/installation.rst
  2. 4
      docs/security.rst

4
docs/installation.rst

@ -162,8 +162,8 @@ and :command:`python` which will run those things, but this might not automatica
on Windows, because it doesn't know where those executables are (give either a try!). on Windows, because it doesn't know where those executables are (give either a try!).
To fix this, you should be able to navigate to your Python install directory To fix this, you should be able to navigate to your Python install directory
(e.g ``C:\Python27``), then go to ``Tools``, then ``Scripts``; then find the (e.g :file:`C:\Python27`), then go to :file:`Tools`, then :file:`Scripts`; then find the
``win_add2path.py`` file and run that. Open a **new** Command Prompt and :file:`win_add2path.py` file and run that. Open a **new** Command Prompt and
check that you can now just type :command:`python` to bring up the interpreter. check that you can now just type :command:`python` to bring up the interpreter.
Finally, to install `virtualenv`_, you can simply run:: Finally, to install `virtualenv`_, you can simply run::
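Review bot: on the changed line that introduces :file:`C:\Python27`, the backslash stops being literal. Inside an inline literal (double backticks) reStructuredText keeps backslashes as written, but inside interpreted text such as a :file: role the backslash is an escape character, so the path is likely to render as C:Python27. Suggest writing it as C:\\Python27 inside the role and checking the built HTML. On the same line, "e.g" is missing its trailing period.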

4
docs/security.rst

@ -25,7 +25,7 @@ careful:
- generating HTML without the help of Jinja2 - generating HTML without the help of Jinja2
- calling :class:`~flask.Markup` on data submitted by users - calling :class:`~flask.Markup` on data submitted by users
- sending out HTML from uploaded files, never do that, use the - sending out HTML from uploaded files, never do that, use the
`Content-Disposition: attachment` header to prevent that problem. ``Content-Disposition: attachment`` header to prevent that problem.
- sending out textfiles from uploaded files. Some browsers are using - sending out textfiles from uploaded files. Some browsers are using
content-type guessing based on the first few bytes so users could content-type guessing based on the first few bytes so users could
trick a browser to execute HTML. trick a browser to execute HTML.
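Review bot: the text-files bullet at the end of this hunk names the content-type guessing problem but, unlike the bullet above it with ``Content-Disposition: attachment``, gives the reader no mitigation. Since this patch already touches the list, consider adding one sentence saying what to do, for example that the same attachment header applies here, or that ``X-Content-Type-Options: nosniff`` can be sent where browsers support it. The switch to double backticks on the header itself is correct, because single backticks select the default role in Sphinx rather than a literal. Smaller points in the same lines: "textfiles" should be "text files", and "never do that, use the" is a comma splice.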
@ -71,7 +71,7 @@ application's users with social engineering to do stupid things without
them knowing. them knowing.
Say you have a specific URL that, when you sent ``POST`` requests to will Say you have a specific URL that, when you sent ``POST`` requests to will
delete a user's profile (say `http://example.com/user/delete`). If an delete a user's profile (say ``http://example.com/user/delete``). If an
attacker now creates a page that sends a post request to that page with attacker now creates a page that sends a post request to that page with
some JavaScript they just has to trick some users to load that page and some JavaScript they just has to trick some users to load that page and
their profiles will end up being deleted. their profiles will end up being deleted.
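Review bot: the paragraph around the changed URL line has grammar errors that are worth fixing in the same docs commit: "when you sent ``POST`` requests to will delete" should read "when you send ``POST`` requests to it, will delete", and "they just has to trick" should be "they just have to trick". The markup change itself is fine, and the inline literal has the side benefit that the fictitious ``http://example.com/user/delete`` endpoint is shown as text rather than as something that looks like a link target.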
