# Introduction When returning HTML (the default response type in Flask), any user-provided values rendered in the output must be escaped to protect from injection attacks. In this lab, you will learn how to use `escape` for achieving this. Also HTML templates rendered with Jinja, introduced later, will do this automatically. For now, you can just use `escape` to do this manually.
Click the virtual machine below to start practicing