#Part of Flask Security#
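  • Use Flask-Security
  • Generating HTML directly instead of going through Jinja2
  • Do not call Markup on user-submitted data
  • Use the Content-Disposition: attachment header to guard against uploaded HTML files
  • Protect against CSRF; Flask itself does not implement this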
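
An added example (not part of the original gist) for two of the items above: calling Markup on user-submitted data versus letting Markup escape it, and serving an uploaded file with Content-Disposition: attachment. The UPLOADS store, the route and the function names are assumptions made for illustration.

```python
from flask import Flask, abort
from markupsafe import Markup

app = Flask(__name__)

# Constructed sample data: one user-uploaded file that contains active HTML.
UPLOADS = {"note.html": b"<script>alert(1)</script>"}


def greeting_unsafe(name):
    # The string is formatted first, then wrapped: Markup() declares the
    # whole result safe, so the user's markup passes through unescaped.
    return Markup("<p>Hello %s</p>" % name)


def greeting_safe(name):
    # Only the trusted template is wrapped; Markup's % operator escapes
    # the user-supplied argument before inserting it.
    return Markup("<p>Hello %s</p>") % name


@app.route("/uploads/<name>")
def download(name):
    data = UPLOADS.get(name)
    if data is None:
        abort(404)
    # Serve the bytes as a download instead of a page rendered in the
    # site's origin.
    resp = app.response_class(data, mimetype="application/octet-stream")
    resp.headers.set("Content-Disposition", "attachment", filename=name)
    return resp


if __name__ == "__main__":
    payload = "<script>alert(1)</script>"
    print(greeting_unsafe(payload))
    print(greeting_safe(payload))
    with app.test_client() as client:
        print(client.get("/uploads/note.html").headers["Content-Disposition"])
```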