From: Eric Covener <covener@apache.org>
Date: Sun, 29 Mar 2020 13:22:19 +0000 (+0000)
Subject: xforms
X-Git-Tag: 2.5.0-alpha2-ci-test-only~1550
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ca227fb5c4662a51fa095ab743870118f13ad4b5;p=thirdparty%2Fapache%2Fhttpd.git

xforms

[skip ci]



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1875854 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mod_userdir.html.en b/docs/manual/mod/mod_userdir.html.en
index 3c40dc3507a..f95d40beb89 100644
--- a/docs/manual/mod/mod_userdir.html.en
+++ b/docs/manual/mod/mod_userdir.html.en
@@ -38,6 +38,14 @@
 <tr><th><a href="module-dict.html#SourceFile">Source&#160;File:</a></th><td>mod_userdir.c</td></tr></table>
 <h3>Summary</h3>
 
+<div class="warning">By using this module you are allowing multiple users
+to host content within the same origin. The same origin policy is a key
+principle of Javascript and web security. By hosting web pages in the same
+origin these pages can read and control each other and security issues in
+one page may affect another. This is particularly dangerous in combination
+with web pages involving dynamic content and authentication and when
+your users don't necessarily trust each other.</div>
+
 <p>This module allows user-specific directories to be accessed using the
 <code>http://example.com/~user/</code> syntax.</p>
 </div>