
I'm using SweetAlert to have better JavaScript alerts. The SweetAlert documentation says this:

A HTML description for the popup. [Security] SweetAlert2 does NOT sanitize this parameter. It is the developer's responsibility to escape any user input when using the html option, so XSS attacks would be prevented.

I know that Django autoescapes by default to prevent XSS attacks. My question is whether Django automatically autoescapes the HTML written by JavaScript.
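
The escaping the quoted documentation asks for, as an added example that is not part of the original post: untrusted values are escaped in the browser before they are placed in the `html` option. The helper names (`escapeHtml`, `safeHtml`, `buildAlert`) and the sample comment are constructed for illustration.

```javascript
// Added example. escapeHtml, safeHtml and buildAlert are hypothetical helpers,
// not part of SweetAlert2 or Django.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Escape the five characters that matter in element and quoted-attribute context.
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template: the literal parts are developer-written markup and are kept,
// every interpolated value is treated as untrusted and escaped.
function safeHtml(strings, ...values) {
  return strings.reduce(
    (out, part, i) => out + part + (i < values.length ? escapeHtml(values[i]) : ''),
    ''
  );
}

// Build the options object for the popup from a user-supplied comment.
function buildAlert(comment) {
  return {
    title: 'New comment',
    html: safeHtml`<b>Comment:</b> <span title="${comment.author}">${comment.text}</span>`,
  };
}

// Constructed sample input containing markup in both fields.
const sample = {
  author: 'x" onmouseover="alert(1)',
  text: '<img src=x onerror=alert(1)>',
};
const options = buildAlert(sample);

// In a page that loads SweetAlert2, show the popup; elsewhere just print the markup.
if (typeof Swal !== 'undefined') {
  Swal.fire(options);
} else {
  console.log(options.html);
}
```

When the popup needs no markup at all, SweetAlert2's `text` option takes plain text and avoids the `html` option entirely.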