Foreword for Experienced Programmers

    Develop for the Web with Caution

    Always keep security in mind when building web applications.

    Unfortunately, there are many ways the security of a web application can be compromised. Flask protects you against one of the most common security problems of modern web applications: cross-site scripting (XSS). Unless you deliberately mark insecure HTML as secure, Flask and the underlying Jinja2 template engine have you covered. But there are many more ways to cause security problems.

    Flask is no different from any other framework in that you, the developer, must build with caution, watching for exploits when building to your requirements.
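The autoescaping behaviour described above, shown as an added example that is not part of the original documentation. It drives Jinja2 directly with `autoescape=True` on the assumption that this mirrors what Flask enables for HTML templates; the function names, the sample input and the `find_escape_opt_outs` review helper are all constructed for illustration.

```python
import re
from jinja2 import Environment
from markupsafe import Markup

# Assumption: autoescape=True mirrors what Flask enables for HTML templates.
env = Environment(autoescape=True)

# Constructed sample standing in for untrusted user input.
UNTRUSTED = "<script>alert(1)</script>"

def render_comment(comment):
    """Default path: Jinja2 escapes the value when it is inserted."""
    return env.from_string("<p>{{ comment }}</p>").render(comment=comment)

def render_comment_marked_safe(comment):
    """Deliberate opt-out: |safe inserts the value verbatim."""
    return env.from_string("<p>{{ comment|safe }}</p>").render(comment=comment)

def render_bold(comment):
    """Trusted markup around untrusted data: Markup.format escapes its arguments."""
    html = Markup("<b>{}</b>").format(comment)
    return env.from_string("<p>{{ html }}</p>").render(html=html)

# Review aid: flag the places where a template switches escaping off.
OPT_OUT = re.compile(r"\|\s*safe\b|\{%-?\s*autoescape\s+false\b", re.IGNORECASE)

def find_escape_opt_outs(template_source):
    """Return (line_number, line) pairs that bypass autoescaping."""
    return [(n, line.strip())
            for n, line in enumerate(template_source.splitlines(), 1)
            if OPT_OUT.search(line)]

if __name__ == "__main__":
    print(render_comment(UNTRUSTED))
    print(render_comment_marked_safe(UNTRUSTED))
    print(render_comment(Markup(UNTRUSTED)))  # Markup() is the Python-side opt-out
    print(render_bold(UNTRUSTED))
    print(find_escape_opt_outs("<h1>{{ title }}</h1>\n<div>{{ body|safe }}</div>"))
```

Every hit from `find_escape_opt_outs` is a spot where the framework's protection has been switched off and the value's origin needs a manual review.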