34221be37944fac0dfa79a676d280f3c0d6aa8d3
max
  Thu Aug 8 07:24:46 2024 -0700
typos2, refs #34166

diff --git src/product/mirrorManual.txt src/product/mirrorManual.txt
index 452a1ee..e5128fa 100644
--- src/product/mirrorManual.txt
+++ src/product/mirrorManual.txt
@@ -1357,31 +1357,31 @@
     # domains to whitelist, skip cert checking, space-separated list
         httpsCertCheckDomainExceptions=somedomain1.com somedomain2.edu
 
 
 # Notes on security
 
 The Genome Browser is a complicated piece of software of more than 2 million
 lines of code that have been developed over 20 years. When running security
 scanners on it, false positives are likely. At UCSC, we run a security scan
 on the Genome Browser ourselves once a month and it is easy to see why the scanners 
 find problems in the Genome Browser that are not actual problems:
 
 * The Genome Browser draws remote genome annotation files that are streamed on
   the fly through https.
   This means that parts of these files appear in our user interface. Various
-  features of custom tracks and track hubs specifically reference external html
+  features of custom tracks and track hubs specifically reference external 
   file via URLs that the user can define and we place no restrictions on these URLs
   for various reasons. These features
   predate the introduction of CORS to the internet protocols by at least five
   years, and the servers from where these files are loaded by the Genome Browser
   do not need to specifically allow the requests. As a result, this is not a security
   exploit but an intentional feature, similar to a webservice that checks files entered via a
   URL (e.g. a robots.txt analyzer) that then show the content of the URLs on their web pages. 
   Security scanners will find these features and flag them as SSRF exploits 
   (Server-side request forgery), but they are a result of our features and not
   a problem of our software and not a problem in the context of our public web servers.
 * Conversely, when running a local Genome Browser at your institution, do not assume that the
   Genome Browser web server can be granted access to internal files that should not be shared
   with the outside world. The Genome Browser is not a secure gateway, 
   and anything that the Genome Browser can access may be displayable by any 
   Genome Browser user. For example, if you restrict internal files to access from only the
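Review bot: The `+` line "features of custom tracks and track hubs specifically reference external " now ends in trailing whitespace, and with "html" dropped the sentence reads "reference external file via URLs", which is ungrammatical. Suggest "specifically reference external files" with no trailing space, so the line joins cleanly with the following context line "file via URLs that the user can define" (that line would then start at "via URLs"). Since the commit is a typo pass, it may also be worth fixing the neighbouring context in the same bullet, where "a webservice that checks files ... that then show the content" has a subject-verb mismatch ("shows").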