# Cross-Site Scripting (XSS) in Templates

- ID: python-xss
- Severity: HIGH
- CWE: Cross-Site Scripting (XSS) (CWE-79)
- Languages: Python
- Frameworks: django, flask, fastapi

## Description

Detects untrusted user input being rendered in HTML responses without proper escaping.

## Remediation

Use template rendering with auto-escaping, or escape manually with html.escape().

```python
import html

# user_input is the untrusted value taken from the request (query string, form field, path)
safe_text = html.escape(user_input)
```

Learn more: https://shoulder.dev/learn/python/cwe-79/xss

## Related Rules

- **Angular Unsafe Security Context Bypass** [CRITICAL]
- **Angular Unsafe Property Binding** [HIGH]
- **Cross-Site Scripting (XSS) via Response** [HIGH]
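Added example, not part of the rule page or the shoulder.dev project: the interpolation pattern this rule flags next to its html.escape() remediation, in both text and attribute context, using only the standard library so it runs outside any framework. The sample input is constructed for the demonstration.

```python
import html

# Constructed sample of untrusted input, standing in for a request parameter.
SAMPLE_INPUT = "<script>alert('xss')</script>"


def render_unsafe(name: str) -> str:
    """Vulnerable: untrusted input is interpolated straight into the HTML body.

    This is the pattern the python-xss rule reports. Any tags in `name`
    become live markup in the response.
    """
    return f"<p>Hello, {name}!</p>"


def render_safe(name: str) -> str:
    """Remediated: html.escape() turns <, >, & and quotes into entities first.

    The browser renders the text literally; it never parses it as a tag.
    """
    return f"<p>Hello, {html.escape(name)}!</p>"


def render_attr_safe(name: str) -> str:
    """Attribute context: quote=True (the default) also escapes " and '.

    Without quote escaping a value could close the attribute early; with it
    the whole value stays inside the quoted attribute.
    """
    return f'<input type="text" value="{html.escape(name, quote=True)}">'


def contains_raw_script_tag(rendered: str) -> bool:
    """Detection helper: does the rendered response still hold a raw <script opener?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print("unsafe:", render_unsafe(SAMPLE_INPUT))
    print("safe:  ", render_safe(SAMPLE_INPUT))
    print("attr:  ", render_attr_safe('a"b'))
```

Template engines with auto-escaping (Django templates, Jinja2 as configured by Flask for .html files) apply the same transformation for you; the manual call is for responses built outside a template.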