Medium · Component behavior · Question 13 of 15
Django - Security Best Practices
Given the template code:
{{ user_input }}

and the user input is <script>alert('XSS')</script>, what will be rendered in the browser?
A. <script>alert('XSS')</script> shown as text
B. <script>alert('XSS')</script> executed as script
C. An error message about unsafe content
D. Nothing will be shown
Step-by-Step Solution
  1. Step 1: Understand default escaping of variables

    Django's template engine autoescapes every {{ variable }} by default: before the value is written into the response, < > & " and ' are replaced with &lt; &gt; &amp; &quot; and &#x27;, so markup inside user input reaches the browser as text, not as tags.
  2. Step 2: Apply this to the given input

    The response body contains &lt;script&gt;alert(&#x27;XSS&#x27;)&lt;/script&gt;. The browser's HTML parser never sees a <script> start tag; it decodes the entities for display and shows the literal string <script>alert('XSS')</script>.
  3. Final Answer:

    <script>alert('XSS')</script> shown as text -> Option A
  4. Quick Check:

    Escaped input shows tags as text = <script>alert('XSS')</script> shown as text [OK]
    This holds only while autoescaping is on and the variable sits in normal HTML content: {{ user_input|safe }}, mark_safe(), {% autoescape off %}, or placing the variable inside a <script> block, an unquoted attribute, or a javascript: URL can still let the payload run.
Quick Trick: Default escape shows tags as text, not scripts [OK]
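The two render paths in the solution, as an added example that is not part of the quiz page. Django itself is not imported: since Django 3.0 django.utils.html.escape() delegates to the standard library's html.escape(), so the same five replacements are applied here. The render_variable(), render_page(), has_live_script_tag() and displayed_text() helpers and the USER_INPUT sample are this example's own, standing in for the template engine's variable output.

```python
"""Added example: what the browser receives for {{ user_input }} with
autoescaping on (the Django default) versus turned off ({{ user_input|safe }}).

Django is not used. Since Django 3.0, django.utils.html.escape() calls the
standard library's html.escape(), so the replacements below are identical.
All function names here are this example's own, not Django's API.
"""
import html
import re

# Constructed sample input: the same payload the quiz question uses.
USER_INPUT = "<script>alert('XSS')</script>"

# A real <script> start tag, which the browser's HTML parser would act on.
# Escaped output only ever contains "&lt;script", which does not match.
SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def render_variable(value: str, autoescape: bool = True) -> str:
    """Return the HTML source emitted for a single {{ variable }}.

    autoescape=True mirrors the default ({{ user_input }}): & < > " and '
    become &amp; &lt; &gt; &quot; and &#x27; (single quote as &#x27;, as
    in Django 3.0+).  autoescape=False mirrors {{ user_input|safe }},
    mark_safe() or {% autoescape off %}, which emit the string verbatim.
    """
    if autoescape:
        return html.escape(str(value), quote=True)
    return str(value)


def render_page(user_input: str, autoescape: bool = True) -> str:
    """Wrap the rendered variable in ordinary HTML body content, the only
    context in which autoescaping alone is a complete XSS defence."""
    return "<p>" + render_variable(user_input, autoescape) + "</p>"


def has_live_script_tag(html_source: str) -> bool:
    """True if the parser will see a real <script> start tag in the source."""
    return SCRIPT_TAG.search(html_source) is not None


def displayed_text(html_source: str) -> str:
    """Text a browser shows for escaped output: entities are decoded back
    to the literal characters and rendered as text, never as markup."""
    return html.unescape(html_source)


def demo() -> None:
    safe = render_page(USER_INPUT)
    unsafe = render_page(USER_INPUT, autoescape=False)
    print("{{ user_input }}       ->", safe)
    print("  script tag reaches parser?", has_live_script_tag(safe))
    print("  browser displays:", displayed_text(render_variable(USER_INPUT)))
    print("{{ user_input|safe }}  ->", unsafe)
    print("  script tag reaches parser?", has_live_script_tag(unsafe))


if __name__ == "__main__":
    demo()
```

Running demo() shows the escaped source for option A beside the verbatim output that would make option B true; the has_live_script_tag() check is the kind of assertion to keep in a template test so a later |safe or mark_safe() on user-controlled data is caught.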
Common Mistakes:
  • Thinking the script runs automatically
  • Expecting an error instead of safe output
  • Assuming nothing is shown for unsafe input
