easy📝 Syntax Q12 of 15
Flask - Security Best Practices
Which of the following is the correct way to safely display a user input variable named user_input in a Flask template to prevent XSS?
A. {{ user_input|safe }}
B. {% raw user_input %}
C. {% safe user_input %}
D. {{ user_input }}
Step-by-Step Solution
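  1. Step 1: Identify safe default rendering

    In a Flask template, {{ user_input }} is HTML-escaped automatically by Jinja2: characters such as <, >, &, ' and " are converted to entities, so injected markup is displayed as text instead of being executed. This prevents XSS.
  2. Step 2: Understand the risk of |safe filter

    The |safe filter marks the value as already-safe HTML and disables escaping, so it should be used only with trusted content.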
  3. Final Answer:

    {{ user_input }} -> Option D
  4. Quick Check:

    Use {{ variable }} without |safe for safety [OK]
Quick Trick: Use {{ variable }} without |safe to keep escaping [OK]
Common Mistakes:
  • Using |safe on untrusted user input
  • Using {% raw %} as if it escaped a variable (it only stops Jinja2 from processing template syntax inside the block)
  • Assuming {% safe %} is a valid Jinja2 tag
