def redirect(self, endpoint='main.index', **values): """ Redirects the client to endpoint if no other safe redirect target is found. Args: endpoint: The endpoint to redirect to, defaults to 'main.index' **values: Values for the endpoint Returns: A redirection to the URL in the next field, returned by get_redirect_target() or endpoint, prioritized in that order. """ if is_safe_url(self.next.data): return redirect(self.next.data) target = get_redirect_target() return redirect(target or url_for(endpoint, **values))
def test_is_safe_url(self): with self.app.test_request_context(): self.assertFalse(is_safe_url('http://externalsite.com')) self.assertTrue(is_safe_url(url_for('main.index', _external=True))) self.assertTrue(is_safe_url('safe_internal_link'))