gh-146581: Update docs for dangerous filenames in ZIP files

Author: serhiy-storchaka

Doc/library/shutil.rst

@@ -750,7 +750,7 @@ provided.  They rely on the :mod:`zipfile` and :mod:`tarfile` modules.
       Never extract archives from untrusted sources without prior inspection.
       It is possible that files are created outside of the path specified in
       the *extract_dir* argument, e.g. members that have absolute filenames
-      starting with "/" or filenames with two dots "..".
+      or filenames with ".." components.
 
       Since Python 3.14, the defaults for both built-in formats (zip and tar
       files) will prevent the most dangerous of such security issues,

Doc/library/zipfile.rst

@@ -412,8 +412,8 @@ ZipFile objects
 
       Never extract archives from untrusted sources without prior inspection.
       It is possible that files are created outside of *path*, e.g. members
-      that have absolute filenames starting with ``"/"`` or filenames with two
-      dots ``".."``.  This module attempts to prevent that.
+      that have absolute filenames or filenames with ".." components.
+      This module attempts to prevent that.
       See :meth:`extract` note.
 
    .. versionchanged:: 3.6
@@ -590,7 +590,7 @@ Path objects
       The :class:`Path` class does not sanitize filenames within the ZIP archive. Unlike
       the :meth:`ZipFile.extract` and :meth:`ZipFile.extractall` methods, it is the
       caller's responsibility to validate or sanitize filenames to prevent path traversal
-      vulnerabilities (e.g., filenames containing ".." or absolute paths). When handling
+      vulnerabilities (e.g., absolute paths or paths with ".." cmponents). When handling
       untrusted archives, consider resolving filenames using :func:`os.path.abspath`
       and checking against the target directory with :func:`os.path.commonpath`.