Skip to main content

Django's is_safe_url() bundled as a standalone package.

Project description


Redirecting a visitor to another URL is common. It's also common that the redirect target is controllable by a visitor. One can often find a ?next or ?on_complete GET parameter with the redirect target.

While this form of redirection is convenient, blindly redirecting a visitor to the given target can easily lead to Unvalidated Redirect and Forwards. Thus, one needs to check if the redirect target is "safe" before redirecting a visitor.

The Django web framework has a utility function is_safe_url() that attempts to validate a given target against a set of valid hosts. This package unbundles the function and easily allows other projects to use it.

>>> from is_safe_url import is_safe_url
>>> is_safe_url("/redirect/target", {"", ""})
>>> is_safe_url("//", {"", ""})
>>> is_safe_url("//", {""})
>>> is_safe_url("", {""})
>>> is_safe_url("", {""}, require_https=True)
>>> is_safe_url("", {""}, require_https=True)


Please report security issues privately to the Django security team or Markus Holtermann.

Project details

Release history Release notifications | RSS feed

This version


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

is_safe_url-1.0.tar.gz (5.1 kB view hashes)

Uploaded Source

Built Distribution

is_safe_url-1.0-py3-none-any.whl (5.4 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page