Input sanitization helps keep your web app safe by cleaning user data before using it. It stops bad data from causing problems.
from flask import Flask, request, escape app = Flask(__name__) @app.route('/submit', methods=['POST']) def submit(): user_input = request.form['user_input'] safe_input = escape(user_input) return f"You entered: {safe_input}"
escape() converts special characters to safe HTML entities.
Always sanitize before displaying or storing user input.
from flask import escape raw = '<script>alert(1)</script>' safe = escape(raw) print(safe)
user_input = request.args.get('name', '') safe_name = escape(user_input)
escape from MarkupSafe safely escapes HTML content.from markupsafe import escape raw_html = '<b>bold</b>' safe_html = escape(raw_html) print(safe_html)
This Flask app shows a form. When you submit text, it cleans the input and shows it safely on the page.
from flask import Flask, request, escape app = Flask(__name__) @app.route('/') def form(): return ''' <form method="POST" action="/submit"> Enter text: <input name="user_input"> <input type="submit"> </form> ''' @app.route('/submit', methods=['POST']) def submit(): user_input = request.form['user_input'] safe_input = escape(user_input) return f"You entered: {safe_input}"
Sanitizing input is not the same as validating it. Validation checks if input is correct; sanitization cleans it.
Use escape() from Flask or MarkupSafe to prevent cross-site scripting (XSS) attacks.
Always sanitize data before showing it in HTML pages.
Input sanitization cleans user data to keep your app safe.
Use escape() to convert special characters to safe HTML.
Sanitize all user input before displaying or storing it.