django-next-url-mixin 0.4.0

Next url mixin witch doesn't redirect to external website

Next url mixin which is safe to phishing attacks

Naive implementation of the next URL mechanism is vulnerable to phishing attacks. This implementation aims to

1. raise awareness of that

2. provide safe implementation (possibly seen by more eyes)

The mixin does it’s work in form_valid() function, so it can be used for offspring of FormView or simillar view classes.

Documentation

The full documentation is at https://django-next-url-mixin.readthedocs.io.

Quickstart

Install Django next url mixin:

pip install django-next-url-mixin

Use it in your views:

from django.views.generic.edit import FormView
from next_url_mixin import NextUrlMixin

class MyView(NextUrlMixin, FormView):

    # If you are overriding form_valid(), don't forgot to return the super value with the redirect to the new url
    def form_valid(self, *args, **kwargs):
        return_value = super().form_valid(*args, **kwargs)
        return return_value

Running Tests

Does the code actually work?

source <YOURVIRTUALENV>/bin/activate
(myenv) $ pip install tox
(myenv) $ tox

Credits

Tools used in rendering this package:

• Cookiecutter

• cookiecutter-djangopackage

History

0.4.0 (2022-08-22)

• Added support for Django 4.1

0.3.0 (2022-03-11)

• Split mixin into GetNextPageMixin to allow usage of only get_next_page()

0.2.0 (2020-06-22)

• Fix saving POST form

0.1.0 (2020-06-12)

• First release on PyPI.