New translations en.json (Italian)

[ci skip]
Signed-off-by: Björn Kimminich <[email protected]>

data/static/i18n/it_IT.json

@@ -433,5 +433,21 @@
 	"Removing the setting to trust proxies does not improve security of the rate limiting. It might have some unforseen or unintended functional side-effects, though.": "Removing the setting to trust proxies does not improve security of the rate limiting. It might have some unforseen or unintended functional side-effects, though.",
 	"Replacing the \"X-Forwarded-For\" header with its standardized alternative \"Forwarded\" does not close the security flaw of how this header is actually being used and can be abused by attackers.": "Replacing the \"X-Forwarded-For\" header with its standardized alternative \"Forwarded\" does not close the security flaw of how this header is actually being used and can be abused by attackers.",
 	"Reducing the rate limit from 100 requests in 5min to 10 reqests in 3min could be seen as a security improvement, if there wasn't an entirely unrelated misconfiguration at play here.": "Reducing the rate limit from 100 requests in 5min to 10 reqests in 3min could be seen as a security improvement, if there wasn't an entirely unrelated misconfiguration at play here.",
-	"Removing the custom key generator that lets an arbitrary HTTP header take precedence over the client IP is the best option here. Now an attacker at least needs to fake their actual IP to bypass the rate limiting, as this is the default key for the RateLimit module used here. There is a functional downside though, as now users behin e.g. corporate proxies might be rate limited as a group and not individually. But with 100 allowed password resets in 5min this should not occur too frequently.": "Removing the custom key generator that lets an arbitrary HTTP header take precedence over the client IP is the best option here. Now an attacker at least needs to fake their actual IP to bypass the rate limiting, as this is the default key for the RateLimit module used here. There is a functional downside though, as now users behin e.g. corporate proxies might be rate limited as a group and not individually. But with 100 allowed password resets in 5min this should not occur too frequently."
+	"Removing the custom key generator that lets an arbitrary HTTP header take precedence over the client IP is the best option here. Now an attacker at least needs to fake their actual IP to bypass the rate limiting, as this is the default key for the RateLimit module used here. There is a functional downside though, as now users behin e.g. corporate proxies might be rate limited as a group and not individually. But with 100 allowed password resets in 5min this should not occur too frequently.": "Removing the custom key generator that lets an arbitrary HTTP header take precedence over the client IP is the best option here. Now an attacker at least needs to fake their actual IP to bypass the rate limiting, as this is the default key for the RateLimit module used here. There is a functional downside though, as now users behin e.g. corporate proxies might be rate limited as a group and not individually. But with 100 allowed password resets in 5min this should not occur too frequently.",
+	"Find all places in the code which are handling the product descriptions.": "Find all places in the code which are handling the product descriptions.",
+	"Manually encoding the angular brackets of the HTML tags does not add any security. It is likely to break descriptions with legitimate HTML tags for styling or links, though.": "Manually encoding the angular brackets of the HTML tags does not add any security. It is likely to break descriptions with legitimate HTML tags for styling or links, though.",
+	"The removed code block deals with handling of different screen sizes and is entirely unrelated to the given XSS vulnerability.": "The removed code block deals with handling of different screen sizes and is entirely unrelated to the given XSS vulnerability.",
+	"Using bypassSecurityTrustScript() instead of bypassSecurityTrustHtml() changes the context for which input sanitization is bypassed. If at all, this switch might only accidentally keep XSS prevention intact.": "Using bypassSecurityTrustScript() instead of bypassSecurityTrustHtml() changes the context for which input sanitization is bypassed. If at all, this switch might only accidentally keep XSS prevention intact.",
+	"Removing the bypass of sanitization entirely is the best way to fix the XSS vulnerability here. It should be noted, that XSS is only a consequence of broken autheorization in this case, as users should not be allowed to change product descriptions in the first place.": "Removing the bypass of sanitization entirely is the best way to fix the XSS vulnerability here. It should be noted, that XSS is only a consequence of broken autheorization in this case, as users should not be allowed to change product descriptions in the first place.",
+	"To find the culprit lines, you need to understand how MongoDB handles updating records.": "To find the culprit lines, you need to understand how MongoDB handles updating records.",
+	"Did you notice that the developers retrieved a reference to the user but never actually use it for anything? This might be part of the problem.": "Did you notice that the developers retrieved a reference to the user but never actually use it for anything? This might be part of the problem.",
+	"Another problematic line you need to select, is actually missing something that ties the user to the review.": "Another problematic line you need to select, is actually missing something that ties the user to the review.",
+	"This solution would reassign an updated review to the last editor, but it would not prevent to change other user's reviews in the first place.": "This solution would reassign an updated review to the last editor, but it would not prevent to change other user's reviews in the first place.",
+	"Removing the option to update multiple documents at once is a good idea and might actually help against another flaw in this code. But it does not fix the problem of allowing users to update other user's reviews.": "Removing the option to update multiple documents at once is a good idea and might actually help against another flaw in this code. But it does not fix the problem of allowing users to update other user's reviews.",
+	"Setting the author on server-side based on the user retrieved from the authentication token in the HTTP request is the right call. It prevents users from just passing any author email they like along with the request.": "Setting the author on server-side based on the user retrieved from the authentication token in the HTTP request is the right call. It prevents users from just passing any author email they like along with the request.",
+	"Does this query really need to allow updating more than one review at once?": "Does this query really need to allow updating more than one review at once?",
+	"Consider the query parameters under control of the attacker and try to find the one where they might inject some query-altering command.": "Consider the query parameters under control of the attacker and try to find the one where they might inject some query-altering command.",
+	"Removing the option to update multiple documents at once combined with avoiding a \"not-equal\"-based injection is insufficient against any attacker with at least moderate MongoDB query knowledge.": "Removing the option to update multiple documents at once combined with avoiding a \"not-equal\"-based injection is insufficient against any attacker with at least moderate MongoDB query knowledge.",
+	"Removing the option to update multiple documents at once is definitely necessary. But it is unfortunately not a sufficient fix, as an attacker might still be able to \"add back\" the multi-update behavior.": "Removing the option to update multiple documents at once is definitely necessary. But it is unfortunately not a sufficient fix, as an attacker might still be able to \"add back\" the multi-update behavior.",
+	"Removing the option to update multiple documents at once combined with only allowing plain strings in the ID parameter is the right call. This will prevent any attacker from injecting their own JSON payload to manipulate the query in their favor.": "Removing the option to update multiple documents at once combined with only allowing plain strings in the ID parameter is the right call. This will prevent any attacker from injecting their own JSON payload to manipulate the query in their favor."
 }