# jinja2-autoescape-false (S701)

Derived from the **flake8-bandit** linter.
## What it does

Checks for `jinja2` templates that use `autoescape=False`.
## Why is this bad?

`jinja2` templates that use `autoescape=False` are vulnerable to cross-site scripting (XSS) attacks that allow attackers to execute arbitrary JavaScript.

By default, `jinja2` sets `autoescape` to `False`, so it is important to set `autoescape=True` or use the `select_autoescape` function to mitigate XSS vulnerabilities.
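The check this rule performs, as an added example that is not Ruff's or flake8-bandit's own code: a simplified `ast`-based re-implementation that flags `Environment(...)` calls which leave `autoescape` unset (the jinja2 default, `False`) or pass `autoescape=False`, and accepts `autoescape=True` or an `autoescape=select_autoescape(...)` call. The `autoescape_findings` function and the `SAMPLE` module it is run over are constructed for this illustration.

```python
# Added example, not Ruff's implementation: a simplified S701-style check
# built on the standard library's `ast` module. It reports Environment()
# calls whose autoescape setting leaves escaping disabled.
import ast


def autoescape_findings(source: str) -> list[tuple[int, str]]:
    """Return (line, message) pairs for each Environment() call that
    leaves autoescaping disabled."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name != "Environment":
            continue
        kw = next((k for k in node.keywords if k.arg == "autoescape"), None)
        if kw is None:
            findings.append((node.lineno, "autoescape not set (jinja2 defaults to False)"))
            continue
        value = kw.value
        if isinstance(value, ast.Constant) and value.value is True:
            continue  # autoescape=True: escaping enabled
        if isinstance(value, ast.Call):
            callee = value.func
            callee_name = callee.attr if isinstance(callee, ast.Attribute) else getattr(callee, "id", None)
            if callee_name == "select_autoescape":
                continue  # autoescape=select_autoescape(...): escaping chosen per template
        findings.append((node.lineno, "autoescape is neither True nor select_autoescape(...)"))
    return findings


# Constructed sample module exercising the patterns the rule distinguishes.
SAMPLE = '''
import jinja2
from jinja2 import Environment, select_autoescape

env_default = jinja2.Environment(loader=jinja2.FileSystemLoader("."))
env_off = Environment(autoescape=False)
env_on = jinja2.Environment(autoescape=True)
env_select = Environment(autoescape=select_autoescape(["html", "xml"]))
'''

if __name__ == "__main__":
    for line, msg in autoescape_findings(SAMPLE):
        print(f"S701 line {line}: {msg}")
```

Run against `SAMPLE`, only the first two `Environment(...)` calls (lines 5 and 6 of the sample) are reported.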
## Example

Use instead: