author: Rafael Mendonça França <rafaelmfranca@gmail.com> 2014-02-14 14:40:10 -0200
committer: Rafael Mendonça França <rafaelmfranca@gmail.com> 2014-02-14 14:40:10 -0200
commit: 8ce72d91b68ef61ce7149ccac0c1be8923561ac2 (patch)
tree: 0bd14c57828e343e62e59b9ab8b34a17defa261e /guides
parent: 820f635bfbde959750a1e0806e023462eea515b0 (diff)
parent: 848e377a2017234e3831599346918fb8d413fd28 (diff)
Merge pull request #14061 from davejachimiak/add_verb_in_guides
Add verb to sanitization note
Diffstat (limited to 'guides')
-rw-r--r-- guides/source/security.md 2
1 files changed, 1 insertions, 1 deletions
diff --git a/guides/source/security.md b/guides/source/security.md
index 70fb066b64..ece431dae7 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -549,7 +549,7 @@ Injection is very tricky, because the same code or parameter can be malicious in
### Whitelists versus Blacklists
-NOTE: _When sanitizing, protecting or verifying something, whitelists over blacklists._
+NOTE: _When sanitizing, protecting or verifying something, prefer whitelists over blacklists._
A blacklist can be a list of bad e-mail addresses, non-public actions or bad HTML tags. This is opposed to a whitelist which lists the good e-mail addresses, public actions, good HTML tags and so on. Although sometimes it is not possible to create a whitelist (in a SPAM filter, for example), _prefer to use whitelist approaches_:
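Review bot: The unchanged paragraph right below the corrected NOTE still has two wording nits worth folding into this pass: "This is opposed to a whitelist which lists the good e-mail addresses" wants a comma before "which", and "SPAM" should be lowercase "spam" since it is not an acronym. The added verb itself reads correctly and now agrees with the paragraph's closing "_prefer to use whitelist approaches_".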