id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
23602	Document that get_absolute_url should not return a link/url made from user input	Markus Holtermann	Markus Holtermann	"The docs for `get_absolute_url()` should clearly state that returning something completely made from user input is a bad idea and may lead to link or redirect poisoning.

https://docs.djangoproject.com/en/1.7/ref/models/instances/#get-absolute-url"	Uncategorized	closed	Documentation	dev	Normal	fixed		Markus Holtermann	Accepted	1	0	0	0	0	0