Re: [Django] #23602: Document that get_absolute_url should return a link/url made from user input

2014-10-04 Thread Django 
#23602: Document that get_absolute_url should return a link/url made from user
input
---+---
 Reporter:  Markush2010|Owner:  Markush2010
 Type:  Uncategorized  |   Status:  assigned
Component:  Documentation  |  Version:  master
 Severity:  Normal |   Resolution:
 Keywords: | Triage Stage:  Unreviewed
Has patch:  1  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+---

Comment (by collinanderson):

 Do you have an example?

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/069.e16c2d738b83d5337293703954fa283d%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #23602: Document that get_absolute_url should return a link/url made from user input

2014-10-04 Thread Django 
#23602: Document that get_absolute_url should return a link/url made from user
input
---+---
 Reporter:  Markush2010|Owner:  Markush2010
 Type:  Uncategorized  |   Status:  assigned
Component:  Documentation  |  Version:  master
 Severity:  Normal |   Resolution:
 Keywords: | Triage Stage:  Unreviewed
Has patch:  1  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+---
Changes (by Markush2010):

 * status:  new => assigned
 * needs_docs:   => 0
 * has_patch:  0 => 1
 * needs_tests:   => 0
 * needs_better_patch:   => 0


Comment:

 Pull request: https://github.com/django/django/pull/3307

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/069.5eeb0062cd5858bc5f032481b1aab8ce%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

[Django] #23602: Document that get_absolute_url should return a link/url made from user input

2014-10-04 Thread Django 
#23602: Document that get_absolute_url should return a link/url made from user
input
---+-
 Reporter:  Markush2010|  Owner:  Markush2010
 Type:  Uncategorized  | Status:  new
Component:  Documentation  |Version:  master
 Severity:  Normal |   Keywords:
 Triage Stage:  Unreviewed |  Has patch:  0
Easy pickings:  0  |  UI/UX:  0
---+-
 The docs for `get_absolute_url()` should clearly state that returning
 something completely made from user input is a bad idea and may lead to
 link or redirect poisoning.

 https://docs.djangoproject.com/en/1.7/ref/models/instances/#get-absolute-
 url

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/054.a513be0faeb8d83dd1f967586ca34d15%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.