40 lines
727 B
Plaintext
40 lines
727 B
Plaintext
== How to fix it in Flask
|
|
|
|
=== Code examples
|
|
|
|
include::../../common/fix/code-rationale.adoc[]
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,python,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
from flask import Flask, redirect
|
|
|
|
app = Flask("example")
|
|
|
|
@app.route("/redirect")
|
|
def redirect():
|
|
url = request.args["url"]
|
|
return redirect(url) # Noncompliant
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
[source,python,diff-id=1,diff-type=compliant]
|
|
----
|
|
from flask import Flask, redirect, url_for
|
|
|
|
app = Flask("example")
|
|
|
|
@app.route("/redirect")
|
|
def redirect():
|
|
url = request.args["url"]
|
|
return redirect(url_for(url))
|
|
----
|
|
|
|
include::../../common/fix/how-does-this-work.adoc[]
|
|
|
|
=== Pitfalls
|
|
|
|
include::../../common/pitfalls/starts-with.adoc[]
|