{ "info": { "author": "Markus Holtermann, Django Software Foundation and individual contributors", "author_email": "info@markusholtermann.eu", "bugtrack_url": null, "classifiers": [ "License :: OSI Approved :: BSD License", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7" ], "description": "\n# `is_safe_url()`\n\nRedirecting a visitor to another URL is common. It's also common that the \nredirect target is controllable by a visitor. One can often find a `?next` or\n`?on_complete` GET parameter with the redirect target.\n\nWhile this form of redirection is convenient, blindly redirecting a visitor to\nthe given target can easily lead to [Unvalidated Redirects and Forwards](https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet).\nThus, one needs to check if the redirect target is \"safe\" before redirecting a\nvisitor.\n\nThe [Django web framework](https://djangoproject.com) has a utility function\n`is_safe_url()` that attempts to validate a given target against a set of valid\nhosts. 
This package unbundles the function and easily allows other projects to\nuse it.\n\n```python\n>>> from is_safe_url import is_safe_url\n>>> is_safe_url(\"/redirect/target\", {\"example.com\", \"www.example.com\"})\nTrue\n>>> is_safe_url(\"//example.com/redirect/target\", {\"example.com\", \"www.example.com\"})\nTrue\n>>> is_safe_url(\"//evil.net/redirect/target\", {\"example.com\"})\nFalse\n>>> is_safe_url(\"http://example.com/redirect/target\", {\"example.com\"})\nTrue\n>>> is_safe_url(\"http://example.com/redirect/target\", {\"example.com\"}, require_https=True)\nFalse\n>>> is_safe_url(\"https://example.com/redirect/target\", {\"example.com\"}, require_https=True)\nTrue\n```\n\n# Security\n\nPlease report security issues **privately** to the\n[Django security team](mailto:security@djangoproject.com) or\n[Markus Holtermann](mailto:info+security+is-safe-url@markusholtermann.eu).\n\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://gitlab.com/MarkusH/is_safe_url", "keywords": "", "license": "BSD", "maintainer": "", "maintainer_email": "", "name": "is-safe-url", "package_url": "https://pypi.org/project/is-safe-url/", "platform": "", "project_url": "https://pypi.org/project/is-safe-url/", "project_urls": { "Homepage": "https://gitlab.com/MarkusH/is_safe_url" }, "release_url": "https://pypi.org/project/is-safe-url/1.0/", "requires_dist": null, "requires_python": "", "summary": "Django's is_safe_url() bundled as a standalone package.", "version": "1.0" }, "last_serial": 4358404, "releases": { "1.0": [ { "comment_text": "", "digests": { "md5": "e2f9918fb703387cd591f977a8bccaa3", "sha256": "0d55e554974039deec7f9a395aab1e488abac811006d17f930607c43e6d3948e" }, "downloads": -1, "filename": "is_safe_url-1.0-py3-none-any.whl", "has_sig": false, "md5_digest": "e2f9918fb703387cd591f977a8bccaa3", "packagetype": "bdist_wheel", "python_version": "py3", 
"requires_python": null, "size": 5418, "upload_time": "2018-10-10T02:06:25", "url": "https://files.pythonhosted.org/packages/7a/c3/40c363bc4c3d0ddcda3489239ba64752b8c18cb6493e058f8f1b73154925/is_safe_url-1.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "0a963173c49fd727b745e647e489330e", "sha256": "d776186f6877211daefde6a18da1df520de985a582b293e7aa24ea1df1cd5abb" }, "downloads": -1, "filename": "is_safe_url-1.0.tar.gz", "has_sig": false, "md5_digest": "0a963173c49fd727b745e647e489330e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5144, "upload_time": "2018-10-10T02:06:27", "url": "https://files.pythonhosted.org/packages/a4/94/be63323c7096a133a1b3ca89f4c096f0828ad0e169dba24cef6c28e1dd0d/is_safe_url-1.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "e2f9918fb703387cd591f977a8bccaa3", "sha256": "0d55e554974039deec7f9a395aab1e488abac811006d17f930607c43e6d3948e" }, "downloads": -1, "filename": "is_safe_url-1.0-py3-none-any.whl", "has_sig": false, "md5_digest": "e2f9918fb703387cd591f977a8bccaa3", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 5418, "upload_time": "2018-10-10T02:06:25", "url": "https://files.pythonhosted.org/packages/7a/c3/40c363bc4c3d0ddcda3489239ba64752b8c18cb6493e058f8f1b73154925/is_safe_url-1.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "0a963173c49fd727b745e647e489330e", "sha256": "d776186f6877211daefde6a18da1df520de985a582b293e7aa24ea1df1cd5abb" }, "downloads": -1, "filename": "is_safe_url-1.0.tar.gz", "has_sig": false, "md5_digest": "0a963173c49fd727b745e647e489330e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5144, "upload_time": "2018-10-10T02:06:27", "url": "https://files.pythonhosted.org/packages/a4/94/be63323c7096a133a1b3ca89f4c096f0828ad0e169dba24cef6c28e1dd0d/is_safe_url-1.0.tar.gz" } ] }