*/
    protected boolean isFileSystemPath(final String url) {
        return ComponentUtil.getProtocolHelper().isFileSystemPath(url);
    }

    /**
     * Validates if the URL is safe for redirection.
     *
     * @param url the URL to validate
     * @return true if the URL is valid for redirection, false otherwise
     */
    protected boolean isValidRedirectUrl(final String url) {

     * Reloads the document index by closing and reopening it.
     *
     * @param form the action form (validated but not used for configuration)
     * @return HTML response redirecting to the maintenance page
     */
    @Execute
    @Secured({ ROLE })
    public HtmlResponse reloadDocIndex(final ActionForm form) {
        validate(form, messages -> {}, this::asIndexHtml);
        verifyToken(this::asIndexHtml);

And then in our code, we parse that YAML content directly, and then we are again using the same Pydantic model to validate the YAML content:

{* ../../docs_src/path_operation_advanced_configuration/tutorial007_py39.py hl[24:31] *}

/// tip

Here we reuse the same Pydantic model.

But the same way, we could have validated it in some other way.

            throw new SsoLoginException("unexpected set of artifacts received");
        }
    }

    /**
     * Validates the OAuth2 state parameter.
     * @param session The HTTP session containing stored state data.
     * @param state The state parameter to validate.
     * @return The validated state data.
     */
    protected StateData validateState(final HttpSession session, final String state) {

It would also mean that if you get data from the `Request` object directly (for example, read the body) it won't be validated, converted or documented (with OpenAPI, for the automatic API user interface) by FastAPI.

Although any other parameter declared normally (for example, the body with a Pydantic model) would still be validated, converted, annotated, etc.

But there are specific cases where it's useful to get the `Request` object.

    items: list[dict[str, Any]]
    metadata: dict[str, Any]


class LargeOut(BaseModel):
    items: list[dict[str, Any]]
    metadata: dict[str, Any]


app = FastAPI()


@app.post("/sync/validated", response_model=ItemOut)
def sync_validated(item: ItemIn, dep: Annotated[int, Depends(dep_b)]):
    return ItemOut(name=item.name, value=item.value, dep=dep)


@app.get("/sync/dict-no-response-model")

from docs_src.path_operation_advanced_configuration.tutorial006_py39 import app

client = TestClient(app)


def test_post():
    response = client.post("/items/", content=b"this is actually not validated")
    assert response.status_code == 200, response.text
    assert response.json() == {
        "size": 30,
        "content": {
            "name": "Maaaagic",
            "price": 42,

///

### Read Heroes with `HeroPublic` { #read-heroes-with-heropublic }

We can do the same as before to **read** `Hero`s, again, we use `response_model=list[HeroPublic]` to ensure that the data is validated and serialized correctly.

{* ../../docs_src/sql_databases/tutorial002_an_py310.py ln[65:72] hl[65] *}

### Read One Hero with `HeroPublic` { #read-one-hero-with-heropublic }

We can **read** a single hero:

    client = TestClient(mod.app)
    response = client.get("/users/me", headers={"Authorization": "Bearer nonexistent"})
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Could not validate credentials"}
    assert response.headers["WWW-Authenticate"] == 'Bearer scope="me"'


def test_incorrect_token_type(mod: ModuleType):
    client = TestClient(mod.app)
    response = client.get(

 * referenced in HTML documents. This generator extracts images from HTML content
 * and processes them to create thumbnail images based on configured dimensions
 * and format settings.
 *
 * <p>The generator validates image MIME types, processes image data through
 * ImageIO operations, and applies scaling and cropping to generate thumbnails
 * that meet the specified size requirements.</p>
 *
 */