Output validation
Context-specific encoding: encode for the context the data lands in, not for the context it came from.

- HTML: escape < as &lt; (and likewise > as &gt;, & as &amp;, and quotes when the value sits inside an attribute)
- URLs: percent-encode, e.g. a space becomes %20
- SQL: use parameterised queries; escaping quotes by hand is not a substitute
Example (Python - Jinja2 auto-escape):
<!-- Escaped only when autoescape is enabled: Flask turns it on for .html templates, a bare jinja2.Environment() does not -->
<p>{{ user_content }}</p>
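The following is an added example, not code from the original page: it applies each of the three encoders above to a constructed attacker-style input and shows the effect of Jinja2's autoescape flag in both positions. The HTML and URL parts use only the standard library (html.escape, urllib.parse.quote); the SQL part uses an in-memory sqlite3 table, with the concatenating query kept deliberately vulnerable for contrast. Jinja2 is a third-party package and is imported optionally, so the rest still runs without it. The payloads, table and user names are all made up for the demonstration.

```python
"""Context-specific output encoding: HTML, URL and SQL, plus Jinja2 autoescape."""
import html
import sqlite3
from urllib.parse import quote

try:
    from jinja2 import Environment
    HAVE_JINJA2 = True
except ImportError:  # jinja2 is third-party; the stdlib parts below still run
    HAVE_JINJA2 = False

# Constructed attacker-style inputs (made up for this example).
XSS_PAYLOAD = "<script>alert(1)</script>"
SQLI_PAYLOAD = "x' OR '1'='1"


def html_text(value: str) -> str:
    """Escape for HTML text or a quoted attribute value: <, >, &, \" and '.
    Not sufficient for JavaScript, CSS or unquoted-attribute contexts."""
    return html.escape(value, quote=True)


def url_path_segment(value: str) -> str:
    """Percent-encode a single path segment; safe='' also encodes '/'."""
    return quote(value, safe="")


def render_jinja(user_content: str, autoescape: bool) -> str:
    """Render the page's own template with autoescape explicitly on or off."""
    env = Environment(autoescape=autoescape)  # Environment() alone defaults to False
    template = env.from_string("<p>{{ user_content }}</p>")
    return template.render(user_content=user_content)


def demo_db() -> sqlite3.Connection:
    """In-memory table with two constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return db


def find_user_unsafe(db: sqlite3.Connection, name: str) -> list:
    """Deliberately vulnerable: the value is spliced into the SQL text."""
    rows = db.execute("SELECT name FROM users WHERE name = '" + name + "'").fetchall()
    return [r[0] for r in rows]


def find_user_safe(db: sqlite3.Connection, name: str) -> list:
    """Parameterised: the driver sends the value separately from the SQL text."""
    rows = db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    print("HTML:", html_text(XSS_PAYLOAD))
    print("URL :", url_path_segment("a b/c"))
    db = demo_db()
    print("SQL unsafe:", find_user_unsafe(db, SQLI_PAYLOAD))  # every row leaks
    print("SQL safe  :", find_user_safe(db, SQLI_PAYLOAD))    # no match
    if HAVE_JINJA2:
        print("Jinja2 autoescape on :", render_jinja(XSS_PAYLOAD, True))
        print("Jinja2 autoescape off:", render_jinja(XSS_PAYLOAD, False))
```

When constructing a Jinja2 Environment yourself, pass autoescape=True or autoescape=select_autoescape() rather than relying on the default; only frameworks such as Flask enable it for you, and only for the template extensions they recognise.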
Last update:
2025-06-07 06:04