include::../description.adoc[]

== Noncompliant Code Example

[source,python]
----
from flask import request
import urllib

@app.route('/proxy')
def proxy():
    url = request.args["url"]
    return urllib.request.urlopen(url).read() # Noncompliant
----

== Compliant Solution

[source,python]
----
from flask import request
import urllib

DOMAINS_WHITELIST = ['domain1.com', 'domain2.com']

@app.route('/proxy')
def proxy():
    url = request.args["url"]
    if urllib.parse.urlparse(url).hostname in DOMAINS_WHITELIST:
        return urllib.request.urlopen(url).read()
----

include::../see.adoc[]
ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

include::../highlighting.adoc[]

endif::env-github,rspecator-view[]