diff options
| author | ejo <ericongerth@gmail.com> | 2011-07-09 13:29:38 -0700 |
|---|---|---|
| committer | ejo <ericongerth@gmail.com> | 2011-07-09 13:29:38 -0700 |
| commit | 35259d7b1f029391a839c96f7750d6b3433ad2c9 (patch) | |
| tree | 45428371246b8baf6c12785f8978f5d643c2e2bd /docs | |
| parent | b44aab103120749bd42e531974f28e67c16a1be0 (diff) | |
| download | pyramid-35259d7b1f029391a839c96f7750d6b3433ad2c9.tar.gz pyramid-35259d7b1f029391a839c96f7750d6b3433ad2c9.tar.bz2 pyramid-35259d7b1f029391a839c96f7750d6b3433ad2c9.zip | |
Old sentence was grammatically incorrect, literally meant that the URL or button in question did not know it was redirecting the user. It is the user who does not know, so "unwittingly" is replaced with "secretly"; "surreptitiously" would be another accurate alternative. An alternative sentence construction that maintains the word "unwittingly" would be, e.g., "...might click on a URL or button on another website and be unwittingly redirected to your application to perform some command that requires elevated privileges."
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/narr/sessions.rst | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/docs/narr/sessions.rst b/docs/narr/sessions.rst index 97e3ebc55..365ee395b 100644 --- a/docs/narr/sessions.rst +++ b/docs/narr/sessions.rst @@ -288,7 +288,7 @@ Preventing Cross-Site Request Forgery Attacks `Cross-site request forgery <http://en.wikipedia.org/wiki/Cross-site_request_forgery>`_ attacks are a phenomenon whereby a user with an identity on your website might click on a -URL or button on another website which unwittingly redirects the user to your +URL or button on another website which secretly redirects the user to your application to perform some command that requires elevated privileges. You can avoid most of these attacks by making sure that the correct *CSRF |