Moved two paragraphs from "deprecated features" to "backwards-incompatible changes", where they belong.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17354 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit c51c9b3ce61239ec2a11df56baf24106738bb44a 1 parent cd46863
Aymeric Augustin authored January 07, 2012

Showing 1 changed file with 16 additions and 16 deletions.

32  docs/releases/1.4.txt
@@ -920,6 +920,22 @@ whose primary use is to load fixtures consisting of simple objects. Even though
920 920
 fixtures are trusted data, the YAML deserializer now uses ``yaml.safe_load``
921 921
 for additional security.
922 922
 
  923
+Session cookies now have the ``httponly`` flag by default
  924
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  925
+
  926
+Session cookies now include the ``httponly`` attribute by default to
  927
+help reduce the impact of potential XSS attacks. For strict backwards
  928
+compatibility, use ``SESSION_COOKIE_HTTPONLY = False`` in your settings file.
  929
+
  930
+The :tfilter:`urlize` filter no longer escapes every URL
  931
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  932
+
  933
+When an URL contains a ``%xx`` sequence, where ``xx`` are two hexadecimal
  934
+digits, :tfilter:`urlize` assumes that the URL is already escaped, and doesn't
  935
+apply URL escaping again. This is wrong for URLs whose unquoted form contains
  936
+a ``%xx`` sequence, but such URLs are very unlikely to happen in the wild,
  937
+since they would confuse browsers too.
  938
+
923 939
 Features deprecated in 1.4
924 940
 ==========================
925 941
 
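Review bot: the ``httponly`` paragraph added at new lines 926-928 gives the opt-out (``SESSION_COOKIE_HTTPONLY = False``) but never says what stops working, which is what a reader of a backwards-incompatible-changes list needs in order to decide whether they are affected. Suggest adding a sentence stating that client-side JavaScript can no longer read the session cookie, and that the setting should be switched off only when existing code depends on that access. Minor, at new line 933: "When an URL" should read "When a URL".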
@@ -1053,22 +1069,6 @@ Now, the flags are keyword arguments of :meth:`@register.filter
1053 1069
 
1054 1070
 See :ref:`filters and auto-escaping <filters-auto-escaping>` for more information.
1055 1071
 
1056  
-The :tfilter:`urlize` filter no longer escapes every URL
1057  
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1058  
-
1059  
-When an URL contains a ``%xx`` sequence, where ``xx`` are two hexadecimal
1060  
-digits, :tfilter:`urlize` assumes that the URL is already escaped, and doesn't
1061  
-apply URL escaping again. This is wrong for URLs whose unquoted form contains
1062  
-a ``%xx`` sequence, but such URLs are very unlikely to happen in the wild,
1063  
-since they would confuse browsers too.
1064  
-
1065  
-Session cookies now have the ``httponly`` flag by default
1066  
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1067  
-
1068  
-Session cookies now include the ``httponly`` attribute by default to
1069  
-help reduce the impact of potential XSS attacks. For strict backwards
1070  
-compatibility, use ``SESSION_COOKIE_HTTPONLY = False`` in your settings file.
1071  
-
1072 1072
 Wildcard expansion of application names in `INSTALLED_APPS`
1073 1073
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1074 1074
 
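Review bot: the heading kept as context at line 1072, "Wildcard expansion of application names in `INSTALLED_APPS`", uses single backticks, while every literal in the moved sections uses double backticks (``httponly``, ``%xx``). In reST single backticks are interpreted text rather than an inline literal, so suggest ``INSTALLED_APPS`` (or the ``:setting:`` role) in a follow-up. It is also worth confirming that the text removed here matches what the first hunk adds: the two sections come back in the opposite order (``httponly`` first, then ``urlize``), which the commit message does not mention.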
