From 2766cc1600c1d81dcdf00e6669c31289b71b4d05 Mon Sep 17 00:00:00 2001
From: Manuel Sousa <manuelsousamvs@gmail.com>
Date: Fri, 25 Sep 2020 11:29:26 +0100
Subject: [PATCH] Small fix

---
 .../docs/defenses/design-protections/subresource-protections.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/content/docs/defenses/design-protections/subresource-protections.md b/content/docs/defenses/design-protections/subresource-protections.md
index d60f58265..c95c027ca 100644
--- a/content/docs/defenses/design-protections/subresource-protections.md
+++ b/content/docs/defenses/design-protections/subresource-protections.md
@@ -17,7 +17,7 @@ One of the principles of protecting subresources is the same as protecting endpo
 
 Some applications might ask for user consent to trigger a certain sensitive action. Facebook deploys this protection in some sensible search endpoints like `https://www.facebook.com/messages/?qa=UserMustConsent`, where a user musk press OK to advance with the search query. Since attackers can't surpass this verification, the page won't leak any special behavior.
 
-User Consent is often asked in applications to warn the user it's being redirected to a page **outside** of the current website.
+User consent is often asked in applications to warn the user it's being redirected to a website **outside** of the current website. This prevents attackers to [detect some type of navigations](https://TODO).
 
 ## Deployment