Prevent XSS in Templates
A snippet showing how Django auto-escapes template variables to prevent XSS.
# template.html
<p>{{ user_input }}</p>
<p>{{ safe_html|safe }}</p>
Explanation:
- By default, Django escapes template variables to prevent XSS.
-
Use
|safeonly for trusted content; sanitize user-generated HTML before storing.
- Category Security
- Total Views 683
- Last Modified 12 March, 2026
- Tags #security #xss #templates #escaping
Previous snippet
Use Password Hashing
Next snippet