Then you need to escape the escape sequence.

That's going to be anything that's not a double quote or a backslash.

But what if you want to literally have a backslash?

Escape

We may have a dot and to really mean the dot,

Benny's not here. I think he went AWOL.

We've got no and then it ends.

And, here's one thing to look out for.

On the left is what you'd have to say to Python and on the right is what it means.

They turn into tags.

The only thing you really have to keep in mind is you have to escape characters that are particular to a regular expression.

Okay. And this is what we get

Do I trust the user?

Why is that?

If I didn't have this safe here, Jinja 2 would automatically because of the way I configured it when we set it up would escape everything.

By this means, options can be made to have different settings in different parts of theBy this means, options can be made to have different settings in different parts of the pattern.

Escape response

That's pretty simple.

If we were to look at the source for this page, you can see what we typed in has all been escaped using HTML escaping, which is not exactly what we intended.

Here I have our rule for beginning the tokenization of JavaScript.

This basically when you accept data from a user, and you're displaying it in your webpage, and you're not escaping it.

All of this looks like 3 characters. It's really just 2.

Heredoc text behaves just like a double quoted string, without the double quotes.

So another way of writing this function is just to use the cgi module that is included with Python, and let's give this a shot.

Okay, I'm going to submit this.

It's either escaped like we have here or it's just a character by itself all the other letters.

Where have those six got to? They've escaped.

Those characters can be in 2 groups.

Actually what we did is we allowed links and image, and then we broke all other HTML.

Now we can check for that, and there's a couple of ways to go around this.

Any regular expression starts with r' or r .

Now I want to match immediately an opening parenthesis.

As it turns out, this function is already included in Python cgi.escape (s, quote True)

Submit via the interpreter, a regular expression matching this specification.

I'm going to get rid of these quotes and use single quotes instead so we can test the escaping of those.

If I were to include this in my text field and not escape it properly, we could have problems.

This is the basis for cross site scripting.

Here is the input that doesn't work properly.

That gets put here. Jinja has a syntax called safe.

Remember, I disabled the texting I'm sorry.

It's called a text area, and it's another form element for entering large pieces of text.

When we were escaping, I saw this room.

It inherits some base HTML, and it redefines the content block to basically render one blog.

And, as you can see, it works just the same hello, amp blah, blah, blah, blah blah.

Now one thing I would like to show you, remember we spent all that time escaping in our previous lecture,