Let's say someone codes a URL like this:
http://domain.com/do/something?next=http://domain.com/homepage
Now an attacker can craft the URL like this:
http://domain.com/do/something?next=http://evildomain.com/homepage
If you don't validate `next`, your user will be taken to the evil site once the action completes, and the link they clicked looked like it belonged to your domain. This is the Open Redirect vulnerability.
That's why you must check that a redirect target is safe before you use it. You do it like this:
```python
from flask import request, redirect
from urllib.parse import urlparse, urljoin


def is_safe_redirect_url(target):
    # Resolve the target against our own base URL, then accept it only if it
    # ends up on our host (netloc includes the port) with an http(s) scheme.
    # This also catches scheme-relative targets like //evildomain.com/.
    host_url = urlparse(request.host_url)
    redirect_url = urlparse(urljoin(request.host_url, target))
    return (
        redirect_url.scheme in ("http", "https")
        and host_url.netloc == redirect_url.netloc
    )


def get_safe_redirect(url):
    # Prefer the requested target, fall back to the referrer, and finally to "/".
    if url and is_safe_redirect_url(url):
        return url
    url = request.referrer
    if url and is_safe_redirect_url(url):
        return url
    return "/"
```
Just pass your URL to get_safe_redirect: it returns the target if it is safe, otherwise the referrer if that is safe, otherwise "/". Pass the result to redirect().
The above is courtesy of shopyoapi.security from the Shopyo project.
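To see what the check above does and does not catch, here is an added example (my own code, not Shopyo's) that runs without Flask: the same check with `host_url` passed in instead of read from the request, a constructed `HOST_URL` standing in for `request.host_url`, and a hardened variant that adds the normalisations browsers apply before resolving a Location header. Those extra guards follow the approach of Django's `url_has_allowed_host_and_scheme` (triple-slash and scheme-without-host rejection, and re-checking with backslashes turned into slashes), so the function names and probe URLs below are assumptions of this example, not part of the original post.

```python
from urllib.parse import urljoin, urlparse

# Constructed stand-in for flask.request.host_url so the example runs without Flask.
HOST_URL = "http://domain.com/"


def is_safe_redirect_url(target, host_url=HOST_URL):
    """The check from the post, with host_url passed in: resolve the target
    against our own base URL and accept it only if it lands on our host
    (netloc, so port included) with an http(s) scheme."""
    host = urlparse(host_url)
    redirect = urlparse(urljoin(host_url, target))
    return redirect.scheme in ("http", "https") and host.netloc == redirect.netloc


def is_safe_redirect_url_hardened(target, host_url=HOST_URL):
    """Same comparison, plus guards for inputs that urlparse and browsers read
    differently (adapted from Django's url_has_allowed_host_and_scheme)."""
    if not target:
        return False
    # Browsers collapse extra slashes in http(s) URLs: "///x" and "http:///x"
    # both resolve to host x, while urlparse sees an empty netloc and a path.
    if target.startswith("///"):
        return False
    parts = urlparse(target)
    if parts.scheme and not parts.netloc:
        return False
    # Browsers treat "\" as "/" in http(s) URLs, so "/\x" is really "//x"
    # (scheme-relative, different host). urlparse keeps the backslash in the path,
    # so check both the raw target and the slash-normalised form.
    return (
        is_safe_redirect_url(target, host_url)
        and is_safe_redirect_url(target.replace("\\", "/"), host_url)
    )


def get_safe_redirect(target, referrer=None, host_url=HOST_URL):
    """Pure version of the post's fallback chain: target, then referrer, then "/"."""
    for candidate in (target, referrer):
        if candidate and is_safe_redirect_url_hardened(candidate, host_url):
            return candidate
    return "/"


# Constructed probe targets: what an attacker might put in ?next=
PROBES = [
    "/homepage",
    "http://domain.com/homepage",
    "https://domain.com/account",
    "http://evildomain.com/homepage",
    "//evildomain.com/homepage",
    "http://domain.com.evildomain.com/",
    "http://domain.com@evildomain.com/",
    "javascript:alert(1)",
    "/\\evildomain.com",          # backslash trick: browsers read it as //evildomain.com
    "\\\\evildomain.com",         # same trick, scheme-relative form
    "http:///evildomain.com",     # triple-slash trick: browsers read host evildomain.com
]


def compare_checks(probes=PROBES, host_url=HOST_URL):
    """Return {target: (original_verdict, hardened_verdict)} for each probe."""
    return {
        t: (is_safe_redirect_url(t, host_url), is_safe_redirect_url_hardened(t, host_url))
        for t in probes
    }


if __name__ == "__main__":
    for target, (orig, hard) in compare_checks().items():
        flag = "  <-- original check lets this through" if orig and not hard else ""
        print(f"{target!r:40} original={orig!s:5} hardened={hard!s:5}{flag}")
```

Running it shows the original check already rejects foreign hosts, scheme-relative targets, userinfo tricks and javascript: URLs, but accepts `/\evildomain.com`, `\\evildomain.com` and `http:///evildomain.com`, all of which a browser resolves to evildomain.com because it treats backslashes as slashes and ignores extra slashes after the scheme. Comparing the full netloc is deliberately strict: a target on your host but with an explicit port or credentials is rejected too, which is the safe direction to fail.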