Escape

Then you need to escape the escape sequence.

But what if you want to literally have a backslash?

They turn into tags.

By this means, options can be made to have different settings in different parts of theBy this means, options can be made to have different settings in different parts of the pattern.

Escape response

That's going to be anything that's not a double quote or a backslash.

Here I have our rule for beginning the tokenization of JavaScript.

We may have a dot and to really mean the dot,

Benny's not here. I think he went AWOL.

Heredoc text behaves just like a double quoted string, without the double quotes.

And, here's one thing to look out for.

Okay. And this is what we get

On the left is what you'd have to say to Python and on the right is what it means.

Any regular expression starts with r' or r .

Do I trust the user?

That's pretty simple.

The only thing you really have to keep in mind is you have to escape characters that are particular to a regular expression.

This is the basis for cross site scripting.

Here is the input that doesn't work properly.

That gets put here. Jinja has a syntax called safe.

Where have those six got to? They've escaped.

It inherits some base HTML, and it redefines the content block to basically render one blog.

It's either escaped like we have here or it's just a character by itself all the other letters.

Why is that?

But the nicest way to fix this is through a method called Escaping hence, the title of this page.

Actually what we did is we allowed links and image, and then we broke all other HTML.

Now we can check for that, and there's a couple of ways to go around this.

If we were to look at the source for this page, you can see what we typed in has all been escaped using HTML escaping, which is not exactly what we intended.

As it turns out, this function is already included in Python cgi.escape (s, quote True)

All of this looks like 3 characters. It's really just 2.

If I were to view the source of this file, which you can do in Chrome easily, we can see what happened.

This basically when you accept data from a user, and you're displaying it in your webpage, and you're not escaping it.

It's called a text area, and it's another form element for entering large pieces of text.

We've got no and then it ends.

Okay, I'm going to submit this.

When we were escaping, I saw this room.

And, as you can see, it works just the same hello, amp blah, blah, blah, blah blah.

Those characters can be in 2 groups.

If you escape your HTML, you don't have to worry about it.

I can use these escape sequences to literally write down a special character.

Now I want to match immediately an opening parenthesis.

Instead of including a ( ), we convert it to ( amp quot ) and we can also Escape angled brackets.

If I didn't have this safe here, Jinja 2 would automatically because of the way I configured it when we set it up would escape everything.

And now when we submit our form, we get our error message and our HTML isn't totally broken.