with Dependencies Thread Locals What Flask is, What Flask is Not HTML/XHTML FAQ History of XHTML History of HTML5 HTML versus XHTML What does “strict” mean? New technologies in HTML5 What should be used Flask as follows: autoescaping is enabled for all templates ending in .html, .htm, .xml as well as .xhtml when using render_template(). autoescaping is enabled for all strings when using render_template_string() automatically escaping special characters for you. Special characters in the sense of HTML (or XML, and thus XHTML) are &, >, <, " as well as '. Because these characters carry specific meanings in documents on their

many of these entries are not present). escape: alias for tornado.escape.xhtml_escape xhtml_escape: alias for tornado.escape.xhtml_escape url_escape: alias for tornado.escape.url_escape json_encode: alias when you execute the template. All template output is escaped by default, using the tornado.escape.xhtml_escape function. This behavior can be changed globally by passing autoescape=None to the Application need additional escaping. Additionally, either care must be taken to always use double quotes and xhtml_escape in HTML attributes that may contain untrusted content, or a separate escaping function must

many of these entries are not present). escape: alias for tornado.escape.xhtml_escape xhtml_escape: alias for tornado.escape.xhtml_escape url_escape: alias for tornado.escape.url_escape json_encode: alias when you execute the template. All template output is escaped by default, using the tornado.escape.xhtml_escape function. This behavior can be changed globally by passing autoescape=None to the Application need additional escaping. Additionally, either care must be taken to always use double quotes and xhtml_escape in HTML attributes that may contain untrusted content, or a separate escaping function must

many of these entries are not present). escape: alias for tornado.escape.xhtml_escape xhtml_escape: alias for tornado.escape.xhtml_escape url_escape: alias for tornado.escape.url_escape json_encode: alias when you execute the template. All template output is escaped by default, using the tornado.escape.xhtml_escape function. This behavior can be changed globally by passing autoescape=None to the Application need additional escaping. Additionally, either care must be taken to always use double quotes and xhtml_escape in HTML attributes that may contain untrusted content, or a separate escaping function must

many of these entries are not present). escape: alias for tornado.escape.xhtml_escape xhtml_escape: alias for tornado.escape.xhtml_escape url_escape: alias for tornado.escape.url_escape json_encode: alias when you execute the template. All template output is escaped by default, using the tornado.escape.xhtml_escape function. This behavior can be changed globally by passing autoescape=None to the Application need additional escaping. Additionally, either care must be taken to always use double quotes and xhtml_escape in HTML attributes that may contain untrusted content, or a separate escaping function must

many of these entries are not present). escape: alias for tornado.escape.xhtml_escape xhtml_escape: alias for tornado.escape.xhtml_escape url_escape: alias for tornado.escape.url_escape json_encode: alias when you execute the template. All template output is escaped by default, using the tornado.escape.xhtml_escape function. This behavior can be changed globally by passing autoescape=None to the Application need additional escaping. Additionally, either care must be taken to always use double quotes and xhtml_escape in HTML attributes that may contain untrusted content, or a separate escaping function must

many of these entries are not present). escape: alias for tornado.escape.xhtml_escape xhtml_escape: alias for tornado.escape.xhtml_escape url_escape: alias for tornado.escape.url_escape json_encode: alias when you execute the template. All template output is escaped by default, using the tornado.escape.xhtml_escape function. This behavior can be changed globally by passing autoescape=None to the Application need additional escaping. Additionally, either care must be taken to always use double quotes and xhtml_escape in HTML attributes that may contain untrusted content, or a separate escaping function must

many of these entries are not present). escape: alias for tornado.escape.xhtml_escape xhtml_escape: alias for tornado.escape.xhtml_escape url_escape: alias for tornado.escape.url_escape json_encode: alias when you execute the template. All template output is escaped by default, using the tornado.escape.xhtml_escape function. This behavior can be changed globally by passing autoescape=None to the Application need additional escaping. Additionally, either care must be taken to always use double quotes and xhtml_escape in HTML attributes that may contain untrusted content, or a separate escaping function must

many of these entries are not present). escape: alias for tornado.escape.xhtml_escape xhtml_escape: alias for tornado.escape.xhtml_escape url_escape: alias for tornado.escape.url_escape json_encode: alias when you execute the template. All template output is escaped by default, using the tornado.escape.xhtml_escape function. This behavior can be changed globally by passing autoescape=None to the Application need additional escaping. Additionally, either care must be taken to always use double quotes and xhtml_escape in HTML attributes that may contain untrusted content, or a separate escaping function must

many of these entries are not present). escape: alias for tornado.escape.xhtml_escape xhtml_escape: alias for tornado.escape.xhtml_escape url_escape: alias for tornado.escape.url_escape json_encode: alias when you execute the template. All template output is escaped by default, using the tornado.escape.xhtml_escape function. This behavior can be changed globally by passing autoescape=None to the Application need additional escaping. Additionally, either care must be taken to always use double quotes and xhtml_escape in HTML attributes that may contain untrusted content, or a separate escaping function must