with Dependencies Thread Locals What Flask is, What Flask is Not HTML/XHTML FAQ History of XHTML History of HTML5 HTML versus XHTML What does “strict” mean? New technologies in HTML5 What should be used Flask as follows: autoescaping is enabled for all templates ending in .html, .htm, .xml as well as .xhtml when using render_template(). autoescaping is enabled for all strings when using render_template_string() automatically escaping special characters for you. Special characters in the sense of HTML (or XML, and thus XHTML) are &, >, <, " as well as '. Because these characters carry specific meanings in documents on their

Flask . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233 3.2 HTML/XHTML FAQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235 3.3 Security all templates. The following extensions for tem- plates trigger autoescaping: .html, .htm, .xml, .xhtml. Templates loaded from a string will have autoescaping disabled. 1.4.7 Accessing Request Data For as follows: • autoescaping is enabled for all templates ending in .html, .htm, .xml as well as .xhtml when using render_template(). • autoescaping is enabled for all strings when using render_template_string()