I need to prevent from directory traversal attack from my code using Python. My code is below: Here I need user is running like http://127.0.0.1:8000/createfile/?param=../../../../../../../../etc/passwd this it should prevent the directory traversal attack. Answer Suppose the user content is all located in Ending with / is important as heinrichj mentions to ensure the check below matches against a specific directory.