From 9c186ccfe8fa4156123e9252a6e8a9cc68bfecab Mon Sep 17 00:00:00 2001
From: Rafael Aviles <rafa.vfierro@outlook.com>
Date: Fri, 14 May 2021 13:23:34 -0700
Subject: [PATCH] Use escape function in return statement for username and
 subpath.

---
 docs/quickstart.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/quickstart.rst b/docs/quickstart.rst
index 9418835a..5cd59f41 100644
--- a/docs/quickstart.rst
+++ b/docs/quickstart.rst
@@ -246,7 +246,7 @@ of the argument like ``<converter:variable_name>``. ::
     @app.route('/user/<username>')
     def show_user_profile(username):
         # show the user profile for that user
-        return f'User {username}'
+        return f'User {escape(username)}'
 
     @app.route('/post/<int:post_id>')
     def show_post(post_id):
@@ -256,7 +256,7 @@ of the argument like ``<converter:variable_name>``. ::
     @app.route('/path/<path:subpath>')
     def show_subpath(subpath):
         # show the subpath after /path/
-        return f'Subpath {subpath}'
+        return f'Subpath {escape(subpath)}'
 
 Converter types: