Fixed #16248 -- Corrected a few typos in the security docs. Thanks, buddelkiste.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16397 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit 3ee076b1355f888133b9f5915e9118066ee2acc1 1 parent 5180e73
Jannis Leidel authored June 14, 2011

Showing 1 changed file with 5 additions and 5 deletions.

10  docs/topics/security.txt
@@ -13,7 +13,7 @@ Cross site scripting (XSS) protection
13 13
 .. highlightlang:: html+django
14 14
 
15 15
 XSS attacks allow a user to inject client side scripts into the
16  
-browsers of other users. This is usually acheived by storing the malicious
  16
+browsers of other users. This is usually achieved by storing the malicious
17 17
 scripts to the database where it will be retrieved and displayed to other users
18 18
 or to get users to click a link containing variables containing scripts that
19 19
 will be rendered by the user's browser. However, XSS attacks can originate
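Review bot: The sentence this hunk touches still has a number mismatch in its unchanged context: "storing the malicious scripts to the database where it will be retrieved" refers back to the plural "scripts" with "it". Since this is a typo pass over the same paragraph, consider "storing the malicious scripts in the database where they will be retrieved", and rewording "a link containing variables containing scripts" to drop the repeated "containing".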
@@ -25,7 +25,7 @@ and its limitations.
25 25
 
26 26
 Django templates :ref:`escape specific characters <automatic-html-escaping>`
27 27
 which are particularly dangerous to HTML. While this protects users from most
28  
-malications input, it is not entirely foolproof. For example, it will not
  28
+malicious input, it is not entirely foolproof. For example, it will not
29 29
 protect the following:
30 30
 
31 31
 .. code-block:: html+django
@@ -97,7 +97,7 @@ Django contains :ref:`clickjacking protection <clickjacking-prevention>` in
97 97
 the form of the
98 98
 :mod:`X-Frame-Options middleware <django.middleware.clickjacking.XFrameOptionsMiddleware>`
99 99
 which in a supporting browser can prevent a site from being rendered inside
100  
-of a frame. It is possible to disable the protection on a per view basis
  100
+a frame. It is possible to disable the protection on a per view basis
101 101
 or to configure the exact header value sent.
102 102
 
103 103
 The middleware is strongly recommended for any site that does not need to have
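Review bot: On the changed line, "on a per view basis" is a compound modifier and should be hyphenated as "on a per-view basis"; it is worth fixing in the same pass. Separately, the reference just above uses the :mod: role for django.middleware.clickjacking.XFrameOptionsMiddleware, whose name looks like a class rather than a module, so check whether :class: is the intended role.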
@@ -139,7 +139,7 @@ information is not leaked:
139 139
   :setting:`CSRF_COOKIE_SECURE` settings to ``True``. This instructs the browser
140 140
   to only send these cookies over HTTPS connections. Note that this will mean
141 141
   that sessions will not work over HTTP, and the CSRF protection will prevent
142  
-  any data POST data being accepted over HTTP (which will be fine if you are
  142
+  any POST data being accepted over HTTP (which will be fine if you are
143 143
   redirecting all HTTP traffic to HTTPS).
144 144
 
145 145
 .. _additional-security-topics:
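Review bot: The corrected line still reads "will prevent any POST data being accepted over HTTP", which is missing "from"; "will prevent any POST data from being accepted over HTTP" is the standard construction. This sentence states the operational consequence of enabling the secure-cookie settings, so it is worth making unambiguous.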
@@ -157,7 +157,7 @@ security protection of the web server, operating system and other components.
157 157
   brute-force attacks against the authentication system, you may consider
158 158
   deploying a Django plugin or web server module to throttle these requests.
159 159
 * If your site accepts file uploads, it is strongly advised that you limit
160  
-  the these uploads in your web server configuration to a reasonable
  160
+  these uploads in your web server configuration to a reasonable
161 161
   size in order to prevent denial of service (DOS) attacks. In Apache, this
162 162
   can be easily set using the LimitRequestBody_ directive.
163 163
 * Keep your :setting:`SECRET_KEY` a secret.
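Review bot: In the context line right after the change, "denial of service (DOS) attacks" uses an abbreviation that reads as the operating system; the conventional form is "DoS". Consider "denial-of-service (DoS) attacks" while this bullet is being edited.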
