XSS attacks allow a user to inject client-side scripts into the browsers of other users.
Using Django templates protects you against the majority of XSS attacks.
Auto-escaping is on by default. If you need to turn it off for a whole block of template code, use this tag (everything inside the block is then rendered unescaped):
{% autoescape off %}
{{ your_form }}
{% endautoescape %}
If you need to disable auto-escaping for an individual variable, then use the safe filter:
{{ your_variable|safe }}
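To make the effect of the autoescape block and the safe filter concrete, here is an added example (not Django's code, and not part of the original page): a small model of Django's escaping rules, which use Python's html.escape(), plus an audit function that lists the spots in a template source where the default protection is switched off. The render_comment, audit_template names and the sample payload and template are constructed for this example.

```python
import html
import re

# Model of Django's autoescaping (added example, not Django's own code).
# Django's escape() is html.escape(), so the entities produced here match
# what a real template renders.

class SafeString(str):
    """Marker for content already trusted as HTML (what |safe and mark_safe yield)."""

def conditional_escape(value, autoescape=True):
    """Escape unless the block has autoescape off or the value is marked safe."""
    if not autoescape or isinstance(value, SafeString):
        return str(value)
    return html.escape(str(value), quote=True)

def render_comment(user_input, autoescape=True, safe_filter=False):
    """Render '<p>{{ comment }}</p>' under the chosen template settings."""
    value = SafeString(user_input) if safe_filter else user_input
    return "<p>" + conditional_escape(value, autoescape) + "</p>"

# Places where a template turns the default protection off:
# an {% autoescape off %} block or a |safe filter on a variable.
UNSAFE_MARKERS = re.compile(r"\{%\s*autoescape\s+off\s*%\}|\|\s*safe\b")

def audit_template(source):
    """Return (line_number, matched_text) for every spot that disables escaping."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in UNSAFE_MARKERS.finditer(line):
            hits.append((lineno, m.group(0)))
    return hits

if __name__ == "__main__":
    payload = "<script>alert(1)</script>"  # constructed untrusted input
    print(render_comment(payload))                     # escaped: rendered as text
    print(render_comment(payload, autoescape=False))   # raw: the script would run
    print(render_comment(payload, safe_filter=True))   # raw: the script would run
    template = ("{% autoescape off %}\n{{ comment }}\n{% endautoescape %}\n"
                "{{ title|safe }}\n{{ body|escape }}\n")  # constructed template
    print(audit_template(template))  # lines 1 and 4 need review; |escape is fine
```

Running audit_template over your own templates is a quick way to find every place where user-controlled data might reach the browser unescaped and to confirm that only trusted, server-generated content ends up there.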
Read more about this here.