#37131: Improvements to the security topic
--------------------------------------+------------------------------------
Reporter: blighj | Owner: (none)
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: 6.0
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Comment (by Juan Pedro Roldán):
Hi,
I reviewed this ticket and the attached `security_xss.patch` as a new
contributor looking for documentation-related tasks.
From a reader's perspective, the proposed changes seem useful because they
make the XSS section easier to follow. In particular, separating the
explanation into shorter paragraphs and listing common XSS scenarios makes
the documentation clearer than the current single-paragraph explanation.
I also found the added clarification about Django templates' autoescaping
and its limitations helpful, especially the example showing why leaving an
HTML attribute unquoted can still be risky.
I don't have enough experience with Django's security documentation to
mark this as ready for check-in, but the wording in the patch seems
understandable and useful from a new contributor/user perspective.
I hope this review helps with the triage process.
--
Ticket URL: <https://code.djangoproject.com/ticket/37131#comment:7>
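The point the comment singles out, that escaping alone does not make an unquoted HTML attribute safe, can be checked directly. The following is an added example, not code from the ticket or the patch; it assumes Python's `html.escape` as a stand-in for Django's autoescaping (both escape the same five characters: `&`, `<`, `>`, `"`, `'`) and uses the standard-library HTML parser to show how many attributes the browser-side parser actually sees.

```python
import html
from html.parser import HTMLParser


class _AttrCollector(HTMLParser):
    """Records the attribute list of the first start tag it encounters."""

    def __init__(self):
        super().__init__()
        self.attrs = []

    def handle_starttag(self, tag, attrs):
        if not self.attrs:
            self.attrs = attrs


def parse_attrs(markup):
    """Return the (name, value) attribute pairs a parser derives from markup."""
    collector = _AttrCollector()
    collector.feed(markup)
    return collector.attrs


def render_unquoted(value):
    # Escaped, but the attribute value is not wrapped in quotes (the risky form).
    # html.escape stands in for Django's autoescaping (assumption: same character set).
    return "<div class=%s></div>" % html.escape(value, quote=True)


def render_quoted(value):
    # Escaped and quoted: the hardened form the documentation recommends.
    return '<div class="%s"></div>' % html.escape(value, quote=True)


# Constructed untrusted input: contains no characters that escaping touches,
# only a space, so escaping leaves it unchanged.
UNTRUSTED = "x data-injected=1"

if __name__ == "__main__":
    # Unquoted: the space ends the class value and a second attribute appears.
    print(parse_attrs(render_unquoted(UNTRUSTED)))
    # Quoted: the whole input stays inside the single class attribute.
    print(parse_attrs(render_quoted(UNTRUSTED)))
```

The unquoted rendering yields two attributes and the quoted one yields one, which is why the Django docs insist on quoting attribute values even with autoescaping on.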