# Advanced Topic: Jinja Templates + Prompt Injection Awareness

This notebook introduces advanced templating with Jinja2 and discusses the importance of prompt injection security when building AI applications.

## 🔧 Jinja2 Templates

Jinja2 is a powerful templating engine for Python. It allows you to create dynamic text by inserting variables, applying logic, and more. Here are some advanced features:

- 🎯 Support for complex conditionals and loops
- 🛡️ Built-in security features to prevent cross-site scripting (XSS)
- ⚡ Template inheritance for code reuse

## 🚨 Prompt Injection Awareness

When using templates with user inputs, security is critical. Malicious users can manipulate prompts to execute unintended actions.

- 🛡️ Always sanitize user inputs to prevent injection
- 📋 Use allowlists to permit only trusted variables
- 🔒 Separate instructions from user data to minimize risks

## 📝 Secure Jinja Template Example

Here's an example of a secure Jinja2 template that carefully escapes user input and performs simple security checks:

In [None]:
from jinja2 import Template, Environment, select_autoescape

# Set up the environment with autoescaping for security
env = Environment(autoescape=select_autoescape(['html', 'xml']))

template_str = '''
{% if user.is_premium %}
Create premium content recommendations for {{ user.name|e }}.
{% else %}
Create basic recommendations for {{ user.name|e }}.
{% endif %}

Examples:
{% for example in examples %}
- {{ example.input|e }} → {{ example.output|e }}
{% endfor %}

User Request: {{ user_request|e }}
Safety Check: {% if 'ignore' in user_request.lower() %}POTENTIAL INJECTION{% endif %}
'''

template = env.from_string(template_str)
safe_prompt = template.render(user=user_data, examples=examples, user_request=clean_input)

## 🛡️ Security Best Practices

To maximize safety when working with templates and user data, follow these guidelines:

- **Escape user inputs:** Always use the `|e` filter to sanitize data.
- **Validate variables:** Check inputs against allowlists to restrict what is accepted.
- **Monitor for suspicious patterns:** Flag unusual inputs or patterns.
- **Separate roles:** Keep system instructions and user content distinct.

## 🤔 Why is input sanitization crucial in AI-powered applications?

Sanitizing inputs prevents malicious data from causing harm, executing unintended code, or manipulating the system. It helps maintain security, integrity, and trustworthiness in AI systems.