Medium · Debug · Question 6 of 15
Flask - Security Best Practices
You have this Flask template code:
<span>{{ feedback|safe }}</span>

Users report XSS attacks after submitting feedback. What is the most probable cause?
A. Flask automatically escapes variables even with the |safe filter
B. The variable feedback is not passed to the template
C. The |safe filter disables escaping, allowing malicious scripts
D. The template syntax is incorrect, causing errors
Step-by-Step Solution
Solution:
  1. Understand the |safe filter

    The |safe filter tells Jinja2 not to escape the variable's content.
  2. Impact on security

    If user input contains scripts, they are rendered as executable HTML, causing XSS.
  3. Final Answer

    The |safe filter disables escaping, allowing malicious scripts -> Option C
  4. Quick Check

    |safe disables escaping, enabling XSS [OK]
Quick Trick: |safe disables escaping; use cautiously [OK]
Common Mistakes:
  • Believing Flask escapes even with |safe
  • Assuming missing variable causes XSS
  • Thinking template syntax causes XSS
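The following is an added example, not code from the quiz. It renders the quiz's template string with and without |safe through Jinja2 (with autoescaping on, as Flask enables for .html templates) so the difference in output is visible, shows the pattern to use when some markup is genuinely needed (escape first, then add markup you control), and includes a small audit helper for listing which expressions a template pushes through |safe. The feedback string and the helper names are constructed for this example.

```python
"""Added example (not from the quiz page): what |safe does to Jinja2 output,
the escape-then-mark-safe pattern, and a |safe audit helper."""
import re

from jinja2 import Environment
from markupsafe import Markup, escape

# Flask turns autoescaping on for .html templates; mirror that here.
env = Environment(autoescape=True)

VULNERABLE_TEMPLATE = env.from_string("<span>{{ feedback|safe }}</span>")
FIXED_TEMPLATE = env.from_string("<span>{{ feedback }}</span>")

# Constructed sample: feedback text that carries a script tag.
SAMPLE_FEEDBACK = "Great app! <script>alert(1)</script>"


def render_vulnerable(feedback: str) -> str:
    """|safe marks the value as trusted HTML, so the tag reaches the browser verbatim."""
    return VULNERABLE_TEMPLATE.render(feedback=feedback)


def render_fixed(feedback: str) -> str:
    """Without |safe, autoescaping turns < > & ' " into entities; the tag is inert text."""
    return FIXED_TEMPLATE.render(feedback=feedback)


def feedback_with_line_breaks(feedback: str) -> Markup:
    """When some markup is needed, escape the user text first and only then add
    markup you control. The result is a Markup object, which autoescaping passes
    through untouched, so the template needs no |safe at all."""
    return Markup("<br>").join(escape(line) for line in feedback.splitlines())


# Matches {{ <expr>|safe }} (whitespace around the pipe allowed) in template source.
SAFE_FILTER_RE = re.compile(r"\{\{\s*(.+?)\s*\|\s*safe\b[^}]*\}\}")


def find_safe_filters(template_source: str) -> list[str]:
    """Audit helper: list the expressions a template renders through |safe,
    so each one can be checked against where its value actually comes from."""
    return SAFE_FILTER_RE.findall(template_source)


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(SAMPLE_FEEDBACK))
    print("fixed:     ", render_fixed(SAMPLE_FEEDBACK))
    print("multiline: ", FIXED_TEMPLATE.render(
        feedback=feedback_with_line_breaks("line one\n<b>two</b>")))
    print("audit:     ", find_safe_filters(
        "<span>{{ feedback|safe }}</span><p>{{ body }}</p>"))
```

Running the audit helper over a template directory is a cheap way to turn the "use cautiously" advice into a reviewable list: every hit should either be a value the application itself generated or be removed.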
