forked from orbit-oss/flask
Added templating docs. This basically fixes #92
This commit is contained in:
parent fd06bcfbf0
commit 4a2d2ba3b8
4 changed files with 200 additions and 1 deletions
@ -5,9 +5,18 @@ Web applications usually face all kinds of security problems and it's very
hard to get everything right. Flask tries to solve a few of these things
for you, but there are a couple more you have to take care of yourself.
.. _xss:
Cross-Site Scripting (XSS)
--------------------------
Cross site scripting is the concept of injecting arbitrary HTML (and with
it JavaScript) into the context of a website. To rememdy this, developers
have to properly escape text so that it cannot include arbitrary HTML
tags. For more information on that have a look at the Wikipedia article
on `Cross-Site Scripting
<http://en.wikipedia.org/wiki/Cross-site_scripting>`_.
Flask configures Jinja2 to automatically escape all values unless
explicitly told otherwise. This should rule out all XSS problems caused
in templates, but there are still other places where you have to be
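Review bot: the sentence "This should rule out all XSS problems caused in templates" near the end of the hunk overstates what autoescaping gives you, and should be softened; the preceding sentence already says escaping is skipped wherever a value is "explicitly told otherwise", so any template that marks untrusted data as safe is not covered. Suggest "This should rule out most XSS problems caused in templates, as long as you do not mark untrusted data as safe". Two smaller points in the same hunk: "rememdy" should read "remedy", and the heading uses "Cross-Site Scripting" while the first sentence of the section uses "Cross site scripting"; pick one spelling.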