Which of the following Flask code snippets correctly sanitizes user input before rendering it in HTML?

easy · Syntax · Q3 of 15
Flask - Security Best Practices
A. user_input = request.args.get('name').lower()
B. user_input = request.args.get('name')
C. from flask import escape; user_input = escape(request.args.get('name'))
D. user_input = request.args.get('name').strip()
Step-by-Step Solution
Solution:
  1. Step 1: Check for sanitization function usage

    Only option C (from flask import escape; user_input = escape(request.args.get('name'))) uses escape() to sanitize input.
  2. Step 2: Understand other options

    Options A, B, and D get input but do not sanitize it.
  3. Final Answer:

    from flask import escape; user_input = escape(request.args.get('name')) -> Option C
  4. Quick Check:

    Sanitization requires escape() usage [OK]
Quick Trick: Always wrap user input with escape() before HTML output [OK]
Common Mistakes:
  • Assuming strip() sanitizes input
  • Using lower() as sanitization
  • Not importing escape() before use
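
The four options compared on one input, as an added example that is not part of the original quiz. It runs without Flask: the SAMPLE value, the render() helper and the "Hello" template are assumptions made for illustration. Flask 3.0 removed flask.escape, so the example imports escape from markupsafe (the function flask.escape re-exported) and falls back to the standard library's html.escape if markupsafe is not installed.

```python
# Added example: apply each quiz option to the same constructed input and
# check whether user-supplied markup reaches the page unescaped.
try:
    from markupsafe import escape   # what flask.escape re-exported
except ImportError:                 # assumption: stdlib stand-in when markupsafe is absent
    from html import escape

# Constructed value for the 'name' query parameter (not from the page).
SAMPLE = '  <B>Bob</B> & "co"  '

# The transformation each quiz option applies to request.args.get('name').
OPTIONS = {
    "A": lambda v: v.lower(),        # changes case only
    "B": lambda v: v,                # no processing at all
    "C": lambda v: str(escape(v)),   # HTML-escapes <, >, &, and quotes
    "D": lambda v: v.strip(),        # trims surrounding whitespace only
}


def render(option, value):
    """Build the HTML fragment a view would return for the given option."""
    return "<p>Hello, " + OPTIONS[option](value) + "!</p>"


def markup_survives(option, value):
    """True if a user-supplied '<' is still a live tag delimiter in the output."""
    return "<" in OPTIONS[option](value)


def audit(value=SAMPLE):
    """Map each option letter to whether it lets markup through."""
    return {opt: markup_survives(opt, value) for opt in OPTIONS}


if __name__ == "__main__":
    for opt, unsafe in audit().items():
        print(opt, "UNSAFE" if unsafe else "safe  ", render(opt, SAMPLE))
```

Jinja2 templates rendered with render_template() autoescape variables in .html files by default, so an explicit escape() call matters mainly when a view builds HTML strings by hand, as render() does here.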
