Skip to content
This repository has been archived by the owner on Aug 10, 2019. It is now read-only.

Update README.md #15

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update README.md #15

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
- XSS漏洞:Tornado框架原则上所有输出在模板里的变量都会经过“HTML实体化”,包括单引号,一般情况下不会存在XSS漏洞。另外,社区帖子内容为富文本,将经过富文本过滤器Python-XSS-Filter( https://github.com/phith0n/python-xss-filter )过滤并输出。
- CSRF漏洞:Tornado框架在开启xsrf\_cookies后,所有POST表单如果没有Token将不会被接受。Minos默认开启xsrf\_cookies,并且所有增删改查操作均通过POST进行。
- 密码存储:Minos中,用户密码使用bcrypt库计算哈希后存入数据库,加密方法类似Wordpress,不能被简单破译。
- 稳定:作者女座的性格处理所有已知问题,不允许一个warning。Minos已在debian上稳定运行多日。
- 稳定:作者处女座的性格处理所有已知问题,不允许一个warning。Minos已在debian上稳定运行多日。
- 响应式:框架AmazeUI是一个mobile first的前端框架,对于各种屏幕的适应性都很好,加上我在手机屏幕大小的情况下隐藏了很多不必要的功能,所以在手机端也能愉快地看文章啦~

### 架构简要说明
Expand Down Expand Up @@ -230,4 +230,4 @@ location / {
请遵守MPL协议,对Minos进行二次开发与使用。
你可以对Minos进行修改、使用,但版权属于原作者,未经作者许可不允许进行商业使用。

![enter image description here](http://www.leavesongs.com/)
![enter image description here](http://www.leavesongs.com/)