* chore: update redirections to be from allowed hosts * chore: update redirection logic * chore: add web url in settings * chore: add next path validation * chore: update typings * chore: update typings * chore: update types --------- Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
# Python imports
from urllib.parse import urlparse
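def validate_next_path(next_path: str) -> str:
    """Return a same-site redirect path taken from next_path, or "" if unsafe.

    The value is meant to be used as a post-login / post-action redirect
    target, so anything that a browser could resolve to a different host is
    rejected rather than repaired.

    Args:
        next_path: Caller-supplied redirect target; treated as untrusted.

    Returns:
        The path to redirect to (always starting with a single "/"), or an
        empty string when the input cannot be reduced to a safe local path.
    """
    # A missing or non-string parameter is simply "no redirect target".
    if not isinstance(next_path, str):
        return ""

    # Backslashes are treated like forward slashes by browsers, and control
    # characters (CR, LF, TAB, ...) are stripped or can split a Location
    # header; neither belongs in a local path, so reject them up front.
    if "\\" in next_path or any(
        ord(ch) < 0x20 or ord(ch) == 0x7F for ch in next_path
    ):
        return ""

    # urlparse raises ValueError on some malformed authorities (for example
    # an unbalanced IPv6 bracket); untrusted input must not surface as a 500.
    try:
        parsed_url = urlparse(next_path)
    except ValueError:
        return ""

    # An absolute or scheme-relative URL is reduced to its path component only.
    if parsed_url.scheme or parsed_url.netloc:
        next_path = parsed_url.path

    # Must be rooted at "/" but must not begin with "//": a leading double
    # slash is a scheme-relative reference, i.e. another host. This also
    # covers a path extracted above that itself starts with "//".
    if not next_path.startswith("/") or next_path.startswith("//"):
        return ""

    # Reject path traversal sequences anywhere in the remaining value.
    if ".." in next_path:
        return ""

    return next_path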