What is HTML Escaping in Flask?

1.	What is HTML Escaping in Flask?
Answer» To protect against injection attacks, any user-provided values rendered in the output must be enclosed when returning HTML (the default response TYPE in Flask). This will be DONE AUTOMATICALLY using HTML templates produced with Jinja. The escape() function, which is seen below, can be used manually. Most examples remove it for brevity's sake, but you should constantly be conscious of how you're employing untrustworthy data. from markupsafe IMPORT escape[Text Wrapping Break][Text Wrapping Break]@app.route("/<name>")[Text Wrapping Break]def hello(name):[Text Wrapping Break] RETURN f"Hello, {escape(name)}!" If a user enters the name <script>alert("bad")</script>, it is rendered as text rather than running the script in the user's browser due to escaping.

Answer»

To protect against injection attacks, any user-provided values rendered in the output must be enclosed when returning HTML (the default response TYPE in Flask). This will be DONE AUTOMATICALLY using HTML templates produced with Jinja.

The escape() function, which is seen below, can be used manually. Most examples remove it for brevity's sake, but you should constantly be conscious of how you're employing untrustworthy data.

from markupsafe IMPORT escape[Text Wrapping Break][Text Wrapping Break]@app.route("/<name>")[Text Wrapping Break]def hello(name):[Text Wrapping Break] RETURN f"Hello, {escape(name)}!"

If a user enters the name <script>alert("bad")</script>, it is rendered as text rather than running the script in the user's browser due to escaping.

Discussion

No Comment Found

Related InterviewSolutions

What will you do if your codebase is growing so rapidly? How do you scale your application?
Describe Blueprint Error Handlers.
How to redirect a user to another endpoint? Explain how to handle errors for redirecting a user.
Deploy Flask application with Fabric.
Deploy Flask application with Setuptools.
Explain async and await in the Flask application. When do we use Quart instead?
What are URL Processors? How to internationalize Blueprint URLs?
What is Application Dispatching? Show an example of application dispatching with any WSGI server.
Explain Application Factories in terms of Blueprints in the Flask application.
What are Blueprints and why do we use them? Create a Blueprint in Flask.