I'm using SweetAlert to have better javascript alerts. In the documentation of sweetalert, says this:
A HTML description for the popup. [Security] SweetAlert2 does NOT sanitize this parameter. It is the developer's responsibility to escape any user input when using the html option, so XSS attacks would be prevented.
I know that Django autoescapes by default to prevent XSS attacks. My question is if django autoescapes automatically the HTML written by javascript.