Skip to main content

Django's is_safe_url() bundled as a standalone package.

Project description


Redirecting a visitor to another URL is common. It's also common that the redirect target is controllable by a visitor. One can often find a ?next or ?on_complete GET parameter with the redirect target.

While this form of redirection is convenient, blindly redirecting a visitor to the given target can easily lead to Unvalidated Redirect and Forwards. Thus, one needs to check if the redirect target is "safe" before redirecting a visitor.

The Django web framework has a utility function is_safe_url() that attempts to validate a given target against a set of valid hosts. This package unbundles the function and easily allows other projects to use it.

>>> from is_safe_url import is_safe_url
>>> is_safe_url("/redirect/target", {"", ""})
>>> is_safe_url("//", {"", ""})
>>> is_safe_url("//", {""})
>>> is_safe_url("", {""})
>>> is_safe_url("", {""}, require_https=True)
>>> is_safe_url("", {""}, require_https=True)


Please report security issues privately to the Django security team or Markus Holtermann.

Project details

Release history Release notifications

This version
History Node


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
is_safe_url-1.0-py3-none-any.whl (5.4 kB) Copy SHA256 hash SHA256 Wheel py3
is_safe_url-1.0.tar.gz (5.1 kB) Copy SHA256 hash SHA256 Source None

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page