Pattern: Use of Mako templates

Issue: Mako templates allow HTML/JS rendering by default and are inherently open to XSS attacks. Ensure variables in all templates are properly sanitized via the 'n', 'h' or 'x' flags (depending on context). For example, to HTML escape the variable 'data' do ${ data | h }.