def is_safe_url(target: str) -> bool:
ref_url = urlparse(request.host_url)
test_url = urlparse(urljoin(request.host_url, target))
return (
# same scheme
test_url.scheme in ('http', 'https') and
# same host and port
ref_url.netloc == test_url.netloc and
# and different endoint
ref_url.path != test_url.path
)
评论列表
文章目录
