 

how does jinja2 prevent XSS attacks?

Tags:

xss

jinja2

According to the Jinja2 docs, it provides:

powerful automatic HTML escaping system for XSS prevention

According to the Flask docs, it prevents XSS attacks by configuring Jinja2 to automatically escape all values unless explicitly told otherwise. So does Jinja2 do anything on its own to prevent XSS attacks?

Ashwin Kumar asked Jun 29 '26 23:06


1 Answer

By default, everything Flask outputs via Jinja2 is HTML-escaped, so that even if you display a user-generated string, it is guaranteed not to contain any malicious JavaScript/HTML code.

See more here.

akiva answered Jul 04 '26 18:07
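To make the autoescape behaviour concrete, here is an added example (my code, not from the question or the answer) using the real Jinja2 API; `USER_INPUT`, `TEMPLATE` and the function names are constructed for the demo, and Jinja2 must be installed. It shows that a bare `Environment` defaults to `autoescape=False` (Jinja2 alone emits user input verbatim), what `autoescape=True` does to a script tag, the two explicit opt-outs (`|safe` and `Markup`) that the Flask docs' "unless explicitly told otherwise" refers to, and per-extension selection with Jinja2's `select_autoescape` helper, which illustrates the kind of rule Flask applies to `.html` templates (Flask's own selection logic is its own code, not this helper).

```python
# Added example (not from the question or answer): shows how Jinja2's autoescape
# setting decides whether untrusted input is escaped. Requires Jinja2 installed.
from jinja2 import DictLoader, Environment, select_autoescape
from markupsafe import Markup  # dependency of Jinja2, so available wherever it is

# Constructed sample: a user-controlled value, e.g. a display name from a form.
USER_INPUT = '<script>alert("xss")</script>'
TEMPLATE = "<p>Hello, {{ name }}</p>"


def render(autoescape, name=USER_INPUT):
    """Render TEMPLATE with autoescape explicitly on or off.

    Jinja2's Environment defaults to autoescape=False, so a bare Jinja2
    setup emits `name` verbatim; Flask is what switches it on for HTML.
    """
    env = Environment(autoescape=autoescape)
    return env.from_string(TEMPLATE).render(name=name)


def render_opted_out(name=USER_INPUT):
    """Autoescape on, but the template author opts out with the |safe filter.

    |safe disables escaping for that one expression, so it must only be
    applied to values that are already trusted HTML.
    """
    env = Environment(autoescape=True)
    return env.from_string("<p>Hello, {{ name|safe }}</p>").render(name=name)


def render_markup(name=USER_INPUT):
    """Autoescape on, but the value is wrapped in Markup, which marks it as
    already-safe HTML; Jinja2 trusts that mark and does not escape it again."""
    env = Environment(autoescape=True)
    return env.from_string(TEMPLATE).render(name=Markup(name))


# Per-template selection by file extension: .html/.htm/.xml templates are
# escaped, anything else (here page.txt) is rendered without escaping.
_env_by_name = Environment(
    loader=DictLoader({"page.html": TEMPLATE, "page.txt": TEMPLATE}),
    autoescape=select_autoescape(enabled_extensions=("html", "htm", "xml")),
)


def render_by_name(template_name, name=USER_INPUT):
    """Render the same template text under a name whose extension decides escaping."""
    return _env_by_name.get_template(template_name).render(name=name)


if __name__ == "__main__":
    print("autoescape off :", render(False))
    print("autoescape on  :", render(True))
    print("|safe filter   :", render_opted_out())
    print("Markup value   :", render_markup())
    print("page.html      :", render_by_name("page.html"))
    print("page.txt       :", render_by_name("page.txt"))
```

The practical takeaway for review: escaping is decided at output time by the environment and the template, not by the data. Any `|safe` filter or `Markup(...)` wrapper applied to a value that can be influenced by a user reintroduces exactly the injection that autoescape is there to stop, so those two constructs are the lines to audit in a Flask or Jinja2 code base.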