%global _empty_manifest_terminate_build 0
Name: python-is-safe-url
Version: 1.0
Release: 1
Summary: Django's is_safe_url() bundled as a standalone package.
License: BSD
URL: https://gitlab.com/MarkusH/is_safe_url
Source0: https://mirrors.nju.edu.cn/pypi/web/packages/a4/94/be63323c7096a133a1b3ca89f4c096f0828ad0e169dba24cef6c28e1dd0d/is_safe_url-1.0.tar.gz
BuildArch: noarch

%description
# `is_safe_url()`

Redirecting a visitor to another URL is common. It's also common that the
redirect target is controllable by a visitor. One can often find a `?next` or
`?on_complete` GET parameter with the redirect target.

While this form of redirection is convenient, blindly redirecting a visitor to
the given target can easily lead to
[Unvalidated Redirects and Forwards](https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet).
Thus, one needs to check if the redirect target is "safe" before redirecting a
visitor.

The [Django web framework](https://djangoproject.com) has a utility function
`is_safe_url()` that attempts to validate a given target against a set of valid
hosts. This package unbundles the function and easily allows other projects to
use it.

```python
>>> from is_safe_url import is_safe_url
>>> is_safe_url("/redirect/target", {"example.com", "www.example.com"})
True
>>> is_safe_url("//example.com/redirect/target", {"example.com", "www.example.com"})
True
>>> is_safe_url("//evil.net/redirect/target", {"example.com"})
False
>>> is_safe_url("http://example.com/redirect/target", {"example.com"})
True
>>> is_safe_url("http://example.com/redirect/target", {"example.com"}, require_https=True)
False
>>> is_safe_url("https://example.com/redirect/target", {"example.com"}, require_https=True)
True
```

# Security

Please report security issues **privately** to the
[Django security team](security@djangoproject.com) or
[Markus Holtermann](info+security+is-safe-url@markusholtermann.eu).
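
An added example, not part of the package or its README: a handler-side helper that falls back to a fixed default when a `?next` value fails the host and scheme check described above. `is_allowed_target`, `redirect_target` and the default `/` are hypothetical names; the check is a stand-in written here with `urllib.parse`, and projects should call `is_safe_url()` itself.

```python
from urllib.parse import urlsplit


def _check(url, allowed_hosts, require_https):
    if url.startswith("///"):
        return False  # browsers collapse this into a scheme-relative URL
    try:
        parts = urlsplit(url)
    except ValueError:
        return False  # unparseable input is never a valid target
    if parts.scheme and not parts.netloc:
        return False  # a scheme with no host, such as a non-HTTP scheme
    scheme = parts.scheme
    if not scheme and parts.netloc:
        scheme = "http"  # scheme-relative URL: assume the weaker scheme
    schemes = {"https"} if require_https else {"http", "https"}
    host_ok = not parts.netloc or parts.netloc in allowed_hosts
    return host_ok and (not scheme or scheme in schemes)


def is_allowed_target(url, allowed_hosts, require_https=False):
    """Stand-in for is_safe_url(), written for this example."""
    if not url:
        return False
    # Browsers treat a backslash like a forward slash, so both spellings
    # of the target have to pass.
    return all(
        _check(candidate, allowed_hosts, require_https)
        for candidate in (url, url.replace("\\", "/"))
    )


def redirect_target(next_param, allowed_hosts, default="/", require_https=False):
    """Return the visitor-supplied target only if it passes the check."""
    candidate = (next_param or "").strip()
    if is_allowed_target(candidate, allowed_hosts, require_https):
        return candidate
    return default  # never echo a rejected target back into a redirect
```
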

%package -n python3-is-safe-url
Summary: Django's is_safe_url() bundled as a standalone package.
Provides: python-is-safe-url
BuildRequires: python3-devel
BuildRequires: python3-setuptools
BuildRequires: python3-pip

%description -n python3-is-safe-url
# `is_safe_url()`

Redirecting a visitor to another URL is common. It's also common that the
redirect target is controllable by a visitor. One can often find a `?next` or
`?on_complete` GET parameter with the redirect target.

While this form of redirection is convenient, blindly redirecting a visitor to
the given target can easily lead to
[Unvalidated Redirects and Forwards](https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet).
Thus, one needs to check if the redirect target is "safe" before redirecting a
visitor.

The [Django web framework](https://djangoproject.com) has a utility function
`is_safe_url()` that attempts to validate a given target against a set of valid
hosts. This package unbundles the function and easily allows other projects to
use it.

```python
>>> from is_safe_url import is_safe_url
>>> is_safe_url("/redirect/target", {"example.com", "www.example.com"})
True
>>> is_safe_url("//example.com/redirect/target", {"example.com", "www.example.com"})
True
>>> is_safe_url("//evil.net/redirect/target", {"example.com"})
False
>>> is_safe_url("http://example.com/redirect/target", {"example.com"})
True
>>> is_safe_url("http://example.com/redirect/target", {"example.com"}, require_https=True)
False
>>> is_safe_url("https://example.com/redirect/target", {"example.com"}, require_https=True)
True
```

# Security

Please report security issues **privately** to the
[Django security team](security@djangoproject.com) or
[Markus Holtermann](info+security+is-safe-url@markusholtermann.eu).

%package help
Summary: Development documents and examples for is-safe-url
Provides: python3-is-safe-url-doc

%description help
# `is_safe_url()`

Redirecting a visitor to another URL is common. It's also common that the
redirect target is controllable by a visitor. One can often find a `?next` or
`?on_complete` GET parameter with the redirect target.

While this form of redirection is convenient, blindly redirecting a visitor to
the given target can easily lead to
[Unvalidated Redirects and Forwards](https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet).
Thus, one needs to check if the redirect target is "safe" before redirecting a
visitor.

The [Django web framework](https://djangoproject.com) has a utility function
`is_safe_url()` that attempts to validate a given target against a set of valid
hosts. This package unbundles the function and easily allows other projects to
use it.

```python
>>> from is_safe_url import is_safe_url
>>> is_safe_url("/redirect/target", {"example.com", "www.example.com"})
True
>>> is_safe_url("//example.com/redirect/target", {"example.com", "www.example.com"})
True
>>> is_safe_url("//evil.net/redirect/target", {"example.com"})
False
>>> is_safe_url("http://example.com/redirect/target", {"example.com"})
True
>>> is_safe_url("http://example.com/redirect/target", {"example.com"}, require_https=True)
False
>>> is_safe_url("https://example.com/redirect/target", {"example.com"}, require_https=True)
True
```

# Security

Please report security issues **privately** to the
[Django security team](security@djangoproject.com) or
[Markus Holtermann](info+security+is-safe-url@markusholtermann.eu).

%prep
%autosetup -n is-safe-url-1.0

%build
%py3_build

%install
%py3_install
install -d -m755 %{buildroot}/%{_pkgdocdir}
if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
pushd %{buildroot}
if [ -d usr/lib ]; then
	find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/lib64 ]; then
	find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/bin ]; then
	find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/sbin ]; then
	find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
fi
touch doclist.lst
if [ -d usr/share/man ]; then
	find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
fi
popd
mv %{buildroot}/filelist.lst .
mv %{buildroot}/doclist.lst .

%files -n python3-is-safe-url -f filelist.lst
%dir %{python3_sitelib}/*

%files help -f doclist.lst
%{_docdir}/*

%changelog
* Tue Apr 11 2023 Python_Bot - 1.0-1
- Package Spec generated