Django's is_safe_url() bundled as a standalone package.

Project description

is_safe_url()

Redirecting a visitor to another URL is common. It's also common that the redirect target is controllable by a visitor. One can often find a ?next or ?on_complete GET parameter with the redirect target.

While this form of redirection is convenient, blindly redirecting a visitor to the given target can easily lead to Unvalidated Redirects and Forwards. Thus, one needs to check whether the redirect target is "safe" before redirecting a visitor.

The Django web framework has a utility function, is_safe_url(), that attempts to validate a given target against a set of valid hosts. This package unbundles the function so that other projects can use it easily.

>>> from is_safe_url import is_safe_url
>>> is_safe_url("/redirect/target", {"example.com", "www.example.com"})
True
>>> is_safe_url("//example.com/redirect/target", {"example.com", "www.example.com"})
True
>>> is_safe_url("//evil.net/redirect/target", {"example.com"})
False
>>> is_safe_url("http://example.com/redirect/target", {"example.com"})
True
>>> is_safe_url("http://example.com/redirect/target", {"example.com"}, require_https=True)
False
>>> is_safe_url("https://example.com/redirect/target", {"example.com"}, require_https=True)
True
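A check like this is normally paired with a fixed local fallback that is used whenever the target fails validation. The sketch below is an added example, not code from this package or from Django: check_redirect_target() is a simplified, hypothetical stand-in with the same call shape as is_safe_url() so the block runs without the package installed, and pick_redirect() and its fallback path are assumptions.

```python
import unicodedata
from urllib.parse import urlsplit


def _target_ok(url, allowed_hosts, require_https):
    """Check one spelling of the target (simplified, constructed for illustration)."""
    if url.startswith("///"):
        return False  # browsers read extra slashes as absolute; urlsplit does not
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.scheme and not parts.netloc:
        return False  # scheme without a host, e.g. "http:///example.com"
    # A scheme-relative target ("//host/path") is treated as plain http.
    scheme = parts.scheme or ("http" if parts.netloc else "")
    schemes = {"https"} if require_https else {"http", "https"}
    # netloc includes any port or userinfo, so those must match exactly too.
    host_ok = not parts.netloc or parts.netloc in allowed_hosts
    return host_ok and (not scheme or scheme in schemes)


def check_redirect_target(url, allowed_hosts, require_https=False):
    """Hypothetical stand-in with the same call shape as is_safe_url()."""
    if not url or unicodedata.category(url[0])[0] == "C":
        return False  # empty, None, or starts with a control character
    url = url.strip()
    # Browsers treat "\" like "/", so validate that spelling as well.
    return (_target_ok(url, allowed_hosts, require_https)
            and _target_ok(url.replace("\\", "/"), allowed_hosts, require_https))


def pick_redirect(next_url, allowed_hosts, fallback="/", require_https=False):
    """Return next_url only if it validates; otherwise a fixed local fallback."""
    if check_redirect_target(next_url, allowed_hosts, require_https):
        return next_url.strip()
    return fallback
```

In a view, the value of the ?next parameter would be passed as next_url and the response would redirect to whatever pick_redirect() returns.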

Security

Please report security issues privately to the Django security team or Markus Holtermann.

Project details


This version

1.0

Download files

Source Distribution

is_safe_url-1.0.tar.gz (5.1 kB view details)

Uploaded Source

Built Distribution

is_safe_url-1.0-py3-none-any.whl (5.4 kB view details)

Uploaded Python 3

File details

Details for the file is_safe_url-1.0.tar.gz.

File metadata

  • Download URL: is_safe_url-1.0.tar.gz
  • Upload date:
  • Size: 5.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.19.1 setuptools/40.4.3 requests-toolbelt/0.8.0 tqdm/4.26.0 CPython/3.7.0

File hashes

Hashes for is_safe_url-1.0.tar.gz
Algorithm Hash digest
SHA256 d776186f6877211daefde6a18da1df520de985a582b293e7aa24ea1df1cd5abb
MD5 0a963173c49fd727b745e647e489330e
BLAKE2b-256 a494be63323c7096a133a1b3ca89f4c096f0828ad0e169dba24cef6c28e1dd0d

File details

Details for the file is_safe_url-1.0-py3-none-any.whl.

File metadata

  • Download URL: is_safe_url-1.0-py3-none-any.whl
  • Upload date:
  • Size: 5.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.19.1 setuptools/40.4.3 requests-toolbelt/0.8.0 tqdm/4.26.0 CPython/3.7.0

File hashes

Hashes for is_safe_url-1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 0d55e554974039deec7f9a395aab1e488abac811006d17f930607c43e6d3948e
MD5 e2f9918fb703387cd591f977a8bccaa3
BLAKE2b-256 7ac340c363bc4c3d0ddcda3489239ba64752b8c18cb6493e058f8f1b73154925
