How to xss sanitize a url in python

Asked Aug 24 '16 at 23:24

Active Aug 24 '16 at 23:24

Viewed 965 times

There's tons of discussion on this topic on the web. Lots of references saying "you must sanitize urls".

Even Jeff Atwood has an answer for the topic: Best way to handle security and avoid XSS with user entered URLs This answer must be disregarded because there are comments pointing out that it is wrong, but no response to those comments - so this is not a duplicate question.

But nowhere can I find a straight answer to the question "how, specifically, do I sanitize a URL in Python?", with an example.

edited May 23 '17 at 12:23

Community

asked Aug 24 '16 at 23:24

Duke Dougal

24,359
31
91
123

How are you displaying a user-provided URL? – Blender Aug 24 '16 at 23:32
@blender in a web browser, but that shouldn't matter in answering this question. I'm interested in knowing how to do it in Python. – Duke Dougal Aug 25 '16 at 00:10
By "how", I mean how are you putting the URL in your page? As a link? As an image? Or are you allowing the user to input HTML? – Blender Aug 25 '16 at 00:13
I am sanitzing urls provided by end users which will then become hrefs in anchor tags. – Duke Dougal Aug 25 '16 at 00:31
@DukeDougal Shockingly, this is still the case 8 years later – vlasits Sep 02 '22 at 18:12

How to xss sanitize a url in python

0 Answers0