Derived from the flake8-bandit linter.
What it does
Checks for uses of calls to django.utils.safestring.mark_safe.
Why is this bad?
django.utils.safestring.mark_safe marks a string as safe for use in HTML
templates, bypassing XSS protection. This is dangerous because it may allow
cross-site scripting attacks if the string is not properly escaped.
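The following is an added example, not part of the original rule documentation and not the implementation used by Ruff or flake8-bandit. It is a simplified, stand-alone re-implementation of the check described above, written with the standard-library ast module: it resolves the common import forms of mark_safe and reports every call site, noting whether the argument is a constant string (which cannot carry untrusted input) or an expression such as an f-string built from a variable (which can). The source it scans is constructed inline for the demonstration and is not code from any real project; the function names find_mark_safe_calls and report are assumptions of this example.

```python
import ast
from dataclasses import dataclass

# Fully qualified name the rule is looking for.
MARK_SAFE_QUALNAME = "django.utils.safestring.mark_safe"


@dataclass(frozen=True)
class Finding:
    line: int
    col: int
    argument_is_literal: bool  # True when the first argument is a constant str


def _dotted(node):
    """Flatten a Name/Attribute chain such as a.b.c into 'a.b.c', else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


class MarkSafeVisitor(ast.NodeVisitor):
    def __init__(self):
        self.function_aliases = set()  # local names bound directly to mark_safe
        self.module_aliases = set()    # local names bound to django.utils.safestring
        self.findings = []

    def visit_ImportFrom(self, node):
        if node.module == "django.utils.safestring":
            for alias in node.names:
                if alias.name == "mark_safe":
                    self.function_aliases.add(alias.asname or alias.name)
        elif node.module == "django.utils":
            for alias in node.names:
                if alias.name == "safestring":
                    self.module_aliases.add(alias.asname or alias.name)
        self.generic_visit(node)

    def visit_Import(self, node):
        for alias in node.names:
            # `import django.utils.safestring as ss` binds ss; a plain
            # `import django.utils.safestring` is matched by the full qualname.
            if alias.name == "django.utils.safestring" and alias.asname:
                self.module_aliases.add(alias.asname)
        self.generic_visit(node)

    def _is_mark_safe(self, name):
        if name in self.function_aliases or name == MARK_SAFE_QUALNAME:
            return True
        head, _, tail = name.rpartition(".")
        return tail == "mark_safe" and head in self.module_aliases

    def visit_Call(self, node):
        name = _dotted(node.func)
        if name is not None and self._is_mark_safe(name):
            first = node.args[0] if node.args else None
            literal = isinstance(first, ast.Constant) and isinstance(first.value, str)
            self.findings.append(Finding(node.lineno, node.col_offset, literal))
        self.generic_visit(node)


def find_mark_safe_calls(source):
    """Return every mark_safe call in `source`, in source order."""
    visitor = MarkSafeVisitor()
    visitor.visit(ast.parse(source))
    return visitor.findings


def report(source):
    """Render findings as one message per line, in the style of a linter."""
    lines = []
    for f in find_mark_safe_calls(source):
        detail = "constant string argument" if f.argument_is_literal else "non-constant argument; bypasses HTML escaping"
        lines.append(f"{f.line}:{f.col}: S308 mark_safe call ({detail})")
    return lines


# Constructed sample input; not code from any real project.
SAMPLE_SOURCE = '''
from django.utils.safestring import mark_safe
from django.utils.html import format_html
from django.utils import safestring as ss

def render_username(username):
    # Flagged: user-controlled data is interpolated into markup, then trusted.
    return mark_safe(f"<i>{username}</i>")

def banner():
    # Flagged, but the argument is a constant, so no untrusted data reaches it.
    return ss.mark_safe("<b>Welcome</b>")

def render_username_safe(username):
    # Not flagged: format_html escapes each argument before interpolation.
    return format_html("<i>{}</i>", username)
'''

if __name__ == "__main__":
    for message in report(SAMPLE_SOURCE):
        print(message)
```

The check is deliberately syntactic, like the lint it mirrors: it reports the call site and leaves the judgement of whether the argument can carry untrusted input to the reviewer. The literal/non-literal split shown here is only a triage hint, since a constant string passed to mark_safe is not in itself an XSS risk, while an f-string or concatenation built from request data is exactly the case format_html exists to replace.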