Debug Q14 of 15 (difficulty: medium)
Django - Security Best Practices
You see this template code:
{{ comment|safe }}

but users report XSS attacks. What is the likely problem?
A. The template engine is disabled.
B. The escape filter is missing.
C. The template variable is not wrapped in quotes.
D. The safe filter is used on untrusted user input.
Step-by-Step Solution
Solution:
  1. Step 1: Analyze the use of the safe filter

    Django autoescapes every {{ variable }} by default, turning <, >, &, " and ' into HTML entities. The safe filter marks the value as trusted HTML and switches that escaping off for it.
  2. Step 2: Identify the cause of XSS

    comment comes from users, so an attacker can submit markup such as a <script> tag or an onerror handler. With |safe applied, that markup is inserted into the page unchanged and runs in every other user's browser: a stored XSS vulnerability.
  3. Final Answer:

    The safe filter is used on untrusted user input. -> Option D
  4. Quick Check:

    Unsafe use of safe filter = The safe filter is used on untrusted user input. [OK]
Quick Trick: Never use '|safe' on untrusted user input. If some HTML must be allowed (for example in comments), sanitize it against an allowlist of tags and attributes first and only then mark the result safe. [OK]
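To see the difference between {{ comment }} and {{ comment|safe }} without a Django install, here is an added example (not from the quiz page and not Django's own engine): a tiny renderer that imitates Django's autoescaping with the standard library's html.escape, which encodes the same five characters (& < > " ') that django.utils.html.escape does. The payload string and the render/vulnerable/fixed function names are constructed for this illustration.

```python
"""Minimal imitation of Django template autoescaping, added as an example.

Real Django: every {{ variable }} is HTML-escaped by default; the ``safe``
filter marks the value as trusted HTML and skips escaping. This toy renderer
only understands ``{{ name }}`` and ``{{ name|safe }}``.
"""
import html
import re

# Matches {{ name }} and {{ name|safe }}; group 2 is set when |safe is present.
_VAR = re.compile(r"\{\{\s*(\w+)(\|safe)?\s*\}\}")


def render(template: str, context: dict) -> str:
    """Render a template string against a context dict.

    Missing variables render as the empty string, as in Django.
    """
    def substitute(match: re.Match) -> str:
        value = str(context.get(match.group(1), ""))
        if match.group(2):
            # {{ var|safe }}: autoescaping is disabled, value is emitted as-is.
            return value
        # Default behaviour: escape &, <, >, " and ' (same set as Django).
        return html.escape(value, quote=True)

    return _VAR.sub(substitute, template)


# Constructed attacker input, the kind a user might submit in a comment form.
PAYLOAD = '<img src=x onerror="alert(document.cookie)">'


def vulnerable(comment: str) -> str:
    """Mirrors the quiz template: {{ comment|safe }} applied to user input."""
    return render("<p>{{ comment|safe }}</p>", {"comment": comment})


def fixed(comment: str) -> str:
    """The fix: drop |safe and let autoescaping encode the markup."""
    return render("<p>{{ comment }}</p>", {"comment": comment})


def payload_survives(rendered: str) -> bool:
    """Quick check: is the injected tag still live markup in the output?"""
    return "<img" in rendered


if __name__ == "__main__":
    print("with |safe   :", vulnerable(PAYLOAD))
    print("without |safe:", fixed(PAYLOAD))
```

Run it and compare the two lines: with |safe the <img ... onerror=...> tag is emitted verbatim and the browser executes the handler; without it the same input becomes &lt;img src=x onerror=&quot;...&quot;&gt;, which the browser displays as text. Note that the fix is removing |safe, not adding |escape: escaping is already the default, and |safe is what switched it off.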
Common Mistakes:
  • Assuming the escape filter fixes safe misuse: autoescaping is already on by default; the problem is that |safe turns it off, so the fix is to remove |safe.
  • Thinking quotes around the variable affect XSS protection: quoting does not encode < or >, so injected tags still render.
  • Believing the template engine blocks XSS on its own: autoescaping is the default, but |safe, mark_safe() and {% autoescape off %} each opt out of it.
