Django's is_safe_url() bundled as a standalone package.
Project description
is_safe_url()
Redirecting a visitor to another URL is common. It's also common that the
redirect target is controllable by a visitor. One can often find a ?next
or
?on_complete
GET parameter with the redirect target.
While this form of redirection is convenient, blindly redirecting a visitor to the given target can easily lead to Unvalidated Redirect and Forwards. Thus, one needs to check if the redirect target is "safe" before redirecting a visitor.
The Django web framework has a utility function
is_safe_url()
that attempts to validate a given target against a set of valid
hosts. This package unbundles the function and easily allows other projects to
use it.
>>> from is_safe_url import is_safe_url
>>> is_safe_url("/redirect/target", {"example.com", "www.example.com"})
True
>>> is_safe_url("//example.com/redirect/target", {"example.com", "www.example.com"})
True
>>> is_safe_url("//evil.net/redirect/target", {"example.com"})
False
>>> is_safe_url("http://example.com/redirect/target", {"example.com"})
True
>>> is_safe_url("http://example.com/redirect/target", {"example.com"}, require_https=True)
False
>>> is_safe_url("https://example.com/redirect/target", {"example.com"}, require_https=True)
True
Security
Please report security issues privately to the Django security team or Markus Holtermann.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file is_safe_url-1.0.tar.gz
.
File metadata
- Download URL: is_safe_url-1.0.tar.gz
- Upload date:
- Size: 5.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.19.1 setuptools/40.4.3 requests-toolbelt/0.8.0 tqdm/4.26.0 CPython/3.7.0
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | d776186f6877211daefde6a18da1df520de985a582b293e7aa24ea1df1cd5abb |
|
MD5 | 0a963173c49fd727b745e647e489330e |
|
BLAKE2b-256 | a494be63323c7096a133a1b3ca89f4c096f0828ad0e169dba24cef6c28e1dd0d |
File details
Details for the file is_safe_url-1.0-py3-none-any.whl
.
File metadata
- Download URL: is_safe_url-1.0-py3-none-any.whl
- Upload date:
- Size: 5.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.19.1 setuptools/40.4.3 requests-toolbelt/0.8.0 tqdm/4.26.0 CPython/3.7.0
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 0d55e554974039deec7f9a395aab1e488abac811006d17f930607c43e6d3948e |
|
MD5 | e2f9918fb703387cd591f977a8bccaa3 |
|
BLAKE2b-256 | 7ac340c363bc4c3d0ddcda3489239ba64752b8c18cb6493e058f8f1b73154925 |