Compare commits

8 Commits

Author SHA1 Message Date
Badhreesh ca07265990 Merge 6e064b3ff2 into f04c5e6964 2025-06-09 01:09:43 -07:00
Badhreesh 6e064b3ff2 Fix typo 2025-05-22 12:56:14 +02:00
Badhreesh d4390442b7 Remove extra line 2025-05-22 12:52:54 +02:00
Badhreesh ac00a998a3 Remove extra wording 2025-05-22 12:52:11 +02:00
Badhreesh 5e3031e189 Move routing section back to original position 2025-05-22 12:51:00 +02:00
Badhreesh c8d80f690b Add reference to the request object section 2025-05-22 12:30:10 +02:00
Badhreesh d47ede1540 Demonstrate escaping without using path type 2025-05-22 12:22:49 +02:00
Badhreesh 0f2004c9e6 Initial commit 2025-05-21 20:35:11 +02:00
1 changed file with 11 additions and 6 deletions

@ -139,19 +139,22 @@ how you're using untrusted data.
.. code-block:: python
from flask import request
from markupsafe import escape
@app.route("/<name>")
def hello(name):
@app.route("/hello")
def hello():
name = request.args.get("name", "")
return f"Hello, {escape(name)}!"
If a user managed to submit the name ``<script>alert("bad")</script>``,
User input can be submitted to the view function via the URL as query parameters,
like ``/hello?name=Bob``. Refer :ref:`the-request-object` for information on how
the query parameters are accessed.
If a user managed to submit ``/hello?name=<script>alert("bad")</script>``,
escaping causes it to be rendered as text, rather than running the
script in the user's browser.
``<name>`` in the route captures a value from the URL and passes it to
the view function. These variable rules are explained below.
Routing
-------
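Review bot: "Refer :ref:`the-request-object` for information" is missing a preposition and should read "Refer to :ref:`the-request-object` for information". The security point of the example survives the rewrite: `name` now comes from `request.args` instead of a `<name>` route variable, so the untrusted value still passes through `escape()` before it is interpolated into the response, and the `/hello?name=<script>alert("bad")</script>` sentence makes the attack input and the defence clear. One thing to consider: with `request.args.get("name", "")`, a plain `/hello` request renders "Hello, !"; either say so in the text or pick a non-empty default. Since the removed paragraph ("``<name>`` in the route captures a value from the URL ... These variable rules are explained below.") was the lead-in to the variable rules, check that the Routing section that follows still introduces them on its own.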
@ -504,6 +507,8 @@ The other possibility is passing a whole WSGI environment to the
with app.request_context(environ):
assert request.method == 'POST'
.. _the-request-object:
The Request Object
``````````````````
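Review bot: the new `.. _the-request-object:` target needs a blank line between it and the "The Request Object" heading, otherwise docutils does not attach the label to the section and the `:ref:` added in the first hunk will not resolve; the rendered view here collapses blank lines, so confirm this in the raw file. The label name matches the `:ref:` usage exactly, so nothing else is required in this hunk.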