According to the Jinja2 docs, it provides:
powerful automatic HTML escaping system for XSS prevention
According to the Flask docs, it prevents XSS attacks by configuring Jinja2 to automatically escape all values unless explicitly told otherwise. So does Jinja2 do anything on its own to prevent XSS attacks?
By default, everything Flask outputs via Jinja2 is HTML escaped, so that even if you display a user-generated string it is guaranteed not to contain any malicious JavaScript/HTML code.
See more here.
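The behaviour described in the answer above, as an added example that is not part of the original question or answer: plain Jinja2 ships with autoescaping switched off, Flask turns it on for its HTML templates, and the `|safe` filter is the explicit opt-out. The example assumes the `jinja2` package is installed; the comment string and template names are constructed for illustration and are not from the page.

```python
"""Added example: what Jinja2 autoescaping does to user-supplied markup.

Assumes `jinja2` is installed (pip install jinja2). Flask is not used here;
the Environment is configured by hand to show the switch Flask flips.
"""
from jinja2 import DictLoader, Environment, select_autoescape

# Constructed sample input: a comment an untrusted user might submit.
USER_COMMENT = '<script>alert("xss")</script> <b>hi</b> & "quotes"'

# Tiny in-memory templates (constructed names). With select_autoescape the
# extension decides whether escaping applies, roughly as Flask does.
TEMPLATES = {
    "comment.html": "<p>{{ comment }}</p>",
    "comment.txt": "Comment: {{ comment }}",
    # |safe is the explicit opt-out: only use it on content you already trust.
    "comment_safe.html": "<p>{{ comment|safe }}</p>",
}


def make_env(autoescape):
    """Build a Jinja2 Environment with the given autoescape setting."""
    return Environment(loader=DictLoader(TEMPLATES), autoescape=autoescape)


def render_unescaped(comment):
    """Plain Jinja2 default (autoescape=False): markup passes straight through."""
    return make_env(False).get_template("comment.html").render(comment=comment)


def render_escaped(comment):
    """autoescape=True, as Flask configures for HTML templates: markup becomes
    inert entities (&lt; &gt; &amp; &#34; ...), so the browser renders text only."""
    return make_env(True).get_template("comment.html").render(comment=comment)


def render_by_extension(name, comment):
    """select_autoescape: .html/.htm/.xml templates get escaping, .txt does not."""
    env = make_env(select_autoescape(enabled_extensions=("html", "htm", "xml")))
    return env.get_template(name).render(comment=comment)


def render_marked_safe(comment):
    """Even with autoescape on, |safe disables escaping for that one value;
    this is where XSS creeps back in if the value is user-controlled."""
    return make_env(True).get_template("comment_safe.html").render(comment=comment)


if __name__ == "__main__":
    print("unescaped :", render_unescaped(USER_COMMENT))
    print("escaped   :", render_escaped(USER_COMMENT))
    print("by ext    :", render_by_extension("comment.txt", USER_COMMENT))
    print("|safe     :", render_marked_safe(USER_COMMENT))
```

The practical takeaway for a Flask app is that the guarantee in the answer holds only for values that go through the autoescaping path: a template rendered with the `.html` extension and no `|safe` on untrusted data. Review any `|safe` usage (and any `Markup()` wrapping) as carefully as you would raw HTML concatenation.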