Autoescaping and the safe Filter
Stay XSS-safe and opt out only when sure.
The Danger of Raw HTML
If you print user text straight into a page, a malicious input could inject scripts that run in every visitor's browser. This attack is called cross-site scripting (XSS), and Flask defends against it.
Autoescaping Is On
By default, Flask configures Jinja2 to autoescape HTML templates. Dangerous characters (<, >, &, " and ') are replaced with HTML entities before they reach the browser, so user text is displayed rather than interpreted as markup.
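The following example is added here to show the behaviour described above; it is not code from the course. It renders a constructed hostile comment once with Flask's default autoescaping and once with the `safe` filter, so you can see exactly what the opt-out gives up. The names `HOSTILE_COMMENT`, `TRUSTED_HTML`, `render_escaped`, `render_with_safe` and `contains_script_tag` are this example's own; it assumes Flask is installed.

```python
from flask import Flask, render_template_string

app = Flask(__name__)

# Constructed sample of hostile user input: what autoescaping must neutralise.
HOSTILE_COMMENT = '<script>alert("xss")</script>'

# Constructed sample of markup the application itself produced and trusts.
TRUSTED_HTML = "<strong>Welcome back</strong>"

ESCAPED_TEMPLATE = "<p>{{ comment }}</p>"      # default: autoescaped
UNSAFE_TEMPLATE = "<p>{{ comment|safe }}</p>"  # opt-out: rendered raw


def render_escaped(comment: str) -> str:
    """Render text through Flask's default autoescaping.

    Every <, >, &, " and ' in `comment` comes out as an HTML entity.
    """
    with app.app_context():
        return render_template_string(ESCAPED_TEMPLATE, comment=comment)


def render_with_safe(comment: str) -> str:
    """Render text with the safe filter, i.e. with autoescaping switched off.

    Only ever pass markup the application itself built from trusted pieces;
    user-controlled text rendered this way is an XSS hole.
    """
    with app.app_context():
        return render_template_string(UNSAFE_TEMPLATE, comment=comment)


def contains_script_tag(html: str) -> bool:
    """Crude check used here to show whether a live <script> survived rendering."""
    return "<script" in html.lower()


if __name__ == "__main__":
    # Hostile input, escaped: the browser shows the text, nothing executes.
    print(render_escaped(HOSTILE_COMMENT))
    # Trusted markup, unescaped: the <strong> tag is kept.
    print(render_with_safe(TRUSTED_HTML))
    # Hostile input with |safe: the script tag survives, which is the bug.
    print(render_with_safe(HOSTILE_COMMENT))
```

The only difference between the two templates is the `|safe` filter; the data is identical. That is why the decision to use `safe` has to be made per value, based on where the value came from, never on what it happens to contain.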