by elsadek 442 days ago
Thanks @GICodeWarrior for taking the time to comment on the article. Shamefully, I can already imagine a scenario in which the attack could be carried out. Fortunately, the vulnerability can be corrected by introducing the escapejs template filter. Big thanks to @gynvael.

Encoding for each scenario can be quite complex unfortunately. Django does have some template filters to help.

I recommend following the documentation carefully, and using a JSON API or other similarly standard mechanism if the documented options are insufficient.
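As an added example, not code from this thread or from Django itself: a standalone reimplementation of the character mapping Django's escapejs filter applies, the json.dumps-plus-tag-character escaping that Django's json_script filter uses (the "JSON API or similar standard mechanism" route), and checks that the escaped output contains no character able to close a JS string literal or the script element while still decoding back to the original value. The sample value is constructed.

```python
import json

# Characters that Django's escapejs filter rewrites as \uXXXX sequences.
# This table is a reimplementation for illustration, not Django's own code.
_JS_ESCAPES = {
    ord("\\"): "\\u005C", ord("'"): "\\u0027", ord('"'): "\\u0022",
    ord(">"): "\\u003E", ord("<"): "\\u003C", ord("&"): "\\u0026",
    ord("="): "\\u003D", ord("-"): "\\u002D", ord(";"): "\\u003B",
    ord("`"): "\\u0060", ord("\u2028"): "\\u2028", ord("\u2029"): "\\u2029",
}
# Every ASCII control character (code point below 32) is escaped as well.
_JS_ESCAPES.update((z, "\\u%04X" % z) for z in range(32))

# What json_script adds on top of json.dumps: nothing that could form a tag
# or an entity may appear raw inside the <script> element.
_JSON_SCRIPT_ESCAPES = {ord("<"): "\\u003C", ord(">"): "\\u003E", ord("&"): "\\u0026"}

def escapejs(value) -> str:
    """Escape a value for interpolation inside a JS string literal."""
    return str(value).translate(_JS_ESCAPES)

def json_for_script(value) -> str:
    """Serialize a Python object as JSON that is safe inside <script>."""
    return json.dumps(value).translate(_JSON_SCRIPT_ESCAPES)

def has_raw(text: str, chars: str) -> bool:
    """True if any of `chars` appears unescaped in `text`."""
    return any(c in text for c in chars)

def js_roundtrip(value: str) -> str:
    """Decode the escaped literal as a JS engine would (\\uXXXX is valid JSON too)."""
    return json.loads('"' + escapejs(value) + '"')

def json_roundtrip(value):
    """Parse json_for_script output back into the original object."""
    return json.loads(json_for_script(value))

# Constructed sample value: quotes, a closing tag, an entity and a newline.
SAMPLE = "O'Neil said \"hi\" </script>\n<b>&amp;</b>"

if __name__ == "__main__":
    escaped = escapejs(SAMPLE)
    # Neither the JS string literal nor the <script> element can be closed.
    assert not has_raw(escaped, "<>&'\"\n\r")
    assert js_roundtrip(SAMPLE) == SAMPLE
    assert json_roundtrip({"name": SAMPLE}) == {"name": SAMPLE}
    print(escaped)
    print(json_for_script({"name": SAMPLE}))
```

Note that escapejs only covers a value placed inside a JS string literal; a whole object handed to client-side code is better emitted through the JSON route so the template never builds JavaScript by string concatenation.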