Skip to content

Commit

Permalink
Rectifying horrifying word choice in README.
Browse files Browse the repository at this point in the history
  • Loading branch information
@lethain
lethain committed Oct 27, 2008
1 parent a710865 commit baf4193
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions README.markdown
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@

### CONCEPT
# CONCEPT

The purpose of django-userskins is to allow Django apps
The purpose of django-userskins is to facilitate Django apps
to allow users to select from a variety of provided skins
to customize how a site looks for them. Essentially, to
provide the functionality exposed in Twitter's recent
Expand Down

2 comments on commit baf4193

@rictic
Copy link

@rictic rictic commented on baf4193 Oct 28, 2008

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One thing that might be worth noting here:

Don’t let one user create a skin that another user might use, because you can inject javascript into certain CSS properties and some browsers will evaluate it. It seems like you’re using it just for a static set of styles which is perfectly safe, but it’s an obvious enough use that people might try, and it seems innocuous at first blush. It might merit a word of caution.

@lethain
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I hadn’t thought very far in that direction. Good points, and something I’ll think about. Some kind of JS sanitizer would work for people trying to accomplish that (if such a thing exists…)

Please sign in to comment.