Python Flask, escaping HTML strings, and the Markup class

As in the previous post, I had created a simple web app using Python Flask to use as a teaching tool. The purpose was to demonstrate SQL injection and XSS (cross-site scripting) vulnerabilities and how to remediate them. In this case, the remediation step for XSS (escaping output) tripped me up. I tried this: return …