Flask framework | ~30 mins

Input sanitization in Flask - Mini Project: Build & Apply

Input Sanitization in Flask
📖 Scenario: You are building a simple Flask web app that accepts a username from a user through a form. To keep the app safe and clean, you need to make sure the username input is sanitized before using it.
🎯 Goal: Create a Flask app that receives a username from a form, sanitizes the input by removing unwanted characters, and then displays the cleaned username on a new page.
📋 What You'll Learn
Create a Flask app with a route to show a form
Add a route to handle form submission
Sanitize the username input by removing all characters except letters, numbers, and underscores
Display the sanitized username on a result page
💡 Why This Matters
🌍 Real World
Input sanitization is essential in web apps to prevent security issues like injection attacks and to keep data clean and consistent.
💼 Career
Understanding how to sanitize user input is a key skill for web developers to build secure and reliable applications.
1. Set up Flask app and form route
Import Flask and render_template from flask. Create a Flask app called app. Add a route for '/' that returns a template called form.html.
Hint: Start by importing Flask and render_template, then create the app and a route for the form page.

2. Add form submission route and get username
Import request from flask. Add a route /submit with methods=['POST']. Inside the function submit(), get the username from the form using request.form['username'] and store it in a variable called username.
Hint: Use request.form['username'] to get the input from the form.

3. Sanitize the username input
Import the re module. Use re.sub to remove all characters from username except letters, numbers, and underscores, and store the cleaned result back in username. Use the pattern r'[^\w]' and replace each match with an empty string.
Hint: Use re.sub with the pattern r'[^\w]' to keep only letters, numbers, and underscores.

4. Render the sanitized username on a result page
Return render_template with 'result.html' and pass the sanitized username as a keyword argument named username.
Hint: Use render_template to show the result page with the cleaned username.
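The four steps above carried through as one complete, runnable app. This is an added example, not the tutorial's own solution code. To keep it self-contained it uses render_template_string with inline templates instead of the form.html and result.html files, wraps the app in a factory called build_app() and pulls the regex into a helper called sanitize_username() (both names are mine). It also adds one caveat the tutorial does not mention: in Python 3, \w matches any Unicode letter or digit, so r'[^\w]' keeps characters such as "é"; the ascii_only option passes re.ASCII for a strict letters-digits-underscore policy.

```python
import re

# The tutorial's pattern: delete every character that is not a "word" character.
# Caveat (added here): in Python 3, \w also matches non-ASCII letters and digits,
# so the same pattern compiled with re.ASCII gives a strict [A-Za-z0-9_] policy.
_UNWANTED = re.compile(r"[^\w]")
_UNWANTED_ASCII = re.compile(r"[^\w]", re.ASCII)


def sanitize_username(raw: str, ascii_only: bool = False) -> str:
    """Return raw with every character outside letters/digits/underscore removed."""
    pattern = _UNWANTED_ASCII if ascii_only else _UNWANTED
    return pattern.sub("", raw)


# Inline stand-ins for the tutorial's form.html and result.html templates.
FORM_HTML = """<form method="post" action="/submit">
  <label>Username <input name="username"></label>
  <button type="submit">Submit</button>
</form>"""

# Flask enables Jinja autoescaping for render_template_string, so {{ username }}
# is HTML-escaped on output. Input sanitization and output escaping are separate
# layers; this app applies both.
RESULT_HTML = "<p>Sanitized username: {{ username }}</p>"


def build_app():
    """App factory covering the tutorial's four steps: form route, submit route,
    sanitize, render. Flask is imported lazily so sanitize_username() can be
    used and tested without Flask installed (assumption: optional dependency)."""
    from flask import Flask, render_template_string, request

    app = Flask(__name__)

    @app.route("/")
    def form():
        return render_template_string(FORM_HTML)

    @app.route("/submit", methods=["POST"])
    def submit():
        # Step 2: read the field. Flask answers 400 Bad Request on its own if
        # the form has no 'username' key.
        username = request.form["username"]
        # Step 3: strip everything except letters, digits and underscores.
        username = sanitize_username(username)
        # Step 4: render the cleaned value on the result page.
        return render_template_string(RESULT_HTML, username=username)

    return app


if __name__ == "__main__":
    build_app().run(debug=False)
```

Run it with `python app.py` and open http://127.0.0.1:5000/ to submit the form. Note that sanitizing on input narrows what the app stores and displays, but it is the template's autoescaping that makes the rendered page safe; keep both in place rather than relying on the regex alone.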