Closed slugbucket closed 5 years ago
Tracking as feature request feat0009
$ git flow feature start feat0009
Initial development completed
$ git add crossword_hints.db crossword_hints.py requirements.txt
$ git commit -m "feat0009 use urllib3 parse functions to check the safety of the forwarding next URL; include urllib3 in the requirements when building via virtualenv"
$ git push --set-upstream origin feature/feat0009
requirements.txt gets an update because in Python 3 there is no urlparse (as shown in the Flask snippet); the functionality has moved to the urllib3 library and this will be needed when building with virtualenv.
The feature should prevent the application being vulnerable to open redirects.
$ git flow feature finish feat0009
Switched to branch 'develop'
Your branch is up to date with 'origin/develop'.
Updating 2464c80..dc8eba0
Fast-forward
crossword_hints.db | Bin 81920 -> 81920 bytes
crossword_hints.py | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++---
requirements.txt | 1 +
3 files changed, 52 insertions(+), 3 deletions(-)
To github.com:slugbucket/crossword-hints.git
- [deleted] feature/feat0009
Deleted branch feature/feat0009 (was dc8eba0).
Summary of actions:
- The feature branch 'feature/feat0009' was merged into 'develop'
- Feature branch 'feature/feat0009' has been locally deleted; it has been remotely deleted from 'origin'
- You are now on branch 'develop'
http://flask.pocoo.org/snippets/62/ describes a means by which the redirect URL is validated (to some degree) before completing the action.
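An added example, not the crossword-hints code and not the Flask snippet itself: a framework-free version of the same-host check on the `next` URL that the linked snippet describes, written with the Python 3 standard library module `urllib.parse`. The function names, the host `hints.example` and the sample targets are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = ("http", "https")


def is_safe_redirect(target, host_url):
    """Return True only if `target` resolves to the same host as `host_url`."""
    if not target:
        return False
    # Browsers treat a backslash as "/" and drop tabs and newlines, so a
    # value such as "/\evil.example" can leave the site although it looks
    # local. Reject backslashes, control characters and whitespace outright.
    if "\\" in target or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return False
    # "//host" is scheme-relative; browsers also collapse "///host" to it.
    if target.startswith("//"):
        return False
    ref = urlsplit(host_url)
    # Resolve relative targets against the application's own URL first,
    # then compare the scheme and network location of the result.
    resolved = urlsplit(urljoin(host_url, target))
    return resolved.scheme in ALLOWED_SCHEMES and resolved.netloc == ref.netloc


def safe_next(target, host_url, default="/"):
    """Pick the redirect destination: `target` if safe, else `default`."""
    return target if is_safe_redirect(target, host_url) else default


if __name__ == "__main__":
    HOST = "https://hints.example/"  # constructed host, not from the page
    SAMPLES = [  # constructed `next` values
        "/solutions/12",
        "https://hints.example/login?x=1",
        "https://evil.example/",
        "//evil.example/path",
        "///evil.example",
        "/\\evil.example",
        "javascript:alert(1)",
        "https://hints.example@evil.example/",
    ]
    for value in SAMPLES:
        print(f"{value!r:42} -> {safe_next(value, HOST)!r}")
```

In a Flask view, `host_url` would be `request.host_url` and `target` the `next` query parameter; unsafe values fall back to `default` instead of being followed.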