Use escape function in return statement for username and subpath.

2021-05-14 13:23:34 -07:00 · 2021-05-14 13:23:34 -07:00 · 9c186ccfe8
commit 9c186ccfe8
parent 6e0fb11717
1 changed files with 2 additions and 2 deletions
--- a/docs/quickstart.rst
+++ b/docs/quickstart.rst
@ -246,7 +246,7 @@ of the argument like ``<converter:variable_name>``. ::
    @app.route('/user/<username>')
    def show_user_profile(username):
        # show the user profile for that user
-        return f'User {username}'
+        return f'User {escape(username)}'

    @app.route('/post/<int:post_id>')
    def show_post(post_id):
@ -256,7 +256,7 @@ of the argument like ``<converter:variable_name>``. ::
    @app.route('/path/<path:subpath>')
    def show_subpath(subpath):
        # show the subpath after /path/
-        return f'Subpath {subpath}'
+        return f'Subpath {escape(subpath)}'

 Converter types: