id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
22504	Wrong terminology (TLD/SLD) in docs: /topics/security/	chris@…	nobody	"/topics/security says about leveraging the same-origin policy:

  One class of attacks can be prevented by always serving user uploaded content from a distinct Top Level Domain (TLD). This prevents any exploit blocked by same-origin policy protections such as cross site scripting. For example, if your site runs on example.com, you would want to serve uploaded content (the MEDIA_URL setting) from something like usercontent-example.com. It’s not sufficient to serve content from a subdomain like usercontent.example.com.

The term ""Top Level Domain"" is wrong and should be replaced by ""second-level domain"". In this example, the TLD is .com, but the example emphasizes the difference between ""example.com"" and ""usercontent-example.com"", which are different SLDs sharing the same TLD.
"	Bug	closed	Documentation	dev	Normal	fixed			Accepted	1	0	0	0	1	0
