From 54a2a2a9983913a91ccef3aac107a159434a4714 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Sat, 28 Mar 2020 20:01:10 +0000
Subject: Taint enforce: directory open backstops, single-key search filename

---
 doc/doc-docbook/spec.xfpt | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'doc')

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 2a3fb6c51..8605fdc3b 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -6675,6 +6675,10 @@ Two different types of data lookup are implemented:
 The &'single-key'& type requires the specification of a file in which to look,
 and a single key to search for. The key must be a non-empty string for the
 lookup to succeed. The lookup type determines how the file is searched.
+.new
+.cindex "tainted data" "single-key lookups"
+The file string may not be tainted
+.wen
 .next
 .cindex "query-style lookup" "definition of"
 The &'query-style'& type accepts a generalized database query. No particular
-- 
cgit v1.2.3