Hopiu/django
1
0
Fork 0
mirror of https://github.com/Hopiu/django.git synced 2026-03-16 22:10:24 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added warning about flatpages and untrusted users.

Browse source
This commit is contained in:
Mariusz Felisiak 2023-09-27 19:09:10 +02:00 committed by GitHub
parent f9e9526800
commit 571bab9887
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
docs/ref/contrib/flatpages.txt
View file

@ -164,6 +164,13 @@ For more on middleware, read the :doc:`middleware docs
How to add, change and delete flatpages
=======================================
.. warning::
Permissions to add or edit flatpages should be restricted to trusted users.
Flatpages are defined by raw HTML and are **not sanitized** by Django. As a
consequence, a malicious flatpage can lead to various security
vulnerabilities, including permission escalation.
.. _flatpages-admin:
Via the admin interface