Hi, I am using web2py to write an intentionally vulnerable web app in order to demonstrate basic cross site request forgery and cross site scripting attacks for educational purposes. I'm running into some problems where web2py is automatically html encoding my output and preventing the intended attacks from working. Is there a way to disable data sanitization in web2py?
Sorry if there is already a post on this subject, I searched for one and couldn't find anything. Thanks for any help you can provide.
