I want to display some HTML in Django 1.0 templates, and to do that I have been doing something like this:
{% autoescape off %}{{ var.text }}{% endautoescape %}
and I am just wondering how safe this is. Am I still protected against SQL injection and cross-site scripting and other vulnerabilities like that?
Edit:
This text will be coming from users, so what is the best way to display HTML in a Django template safely?
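Added example, not part of the question above and not Django's own code: autoescaping is Django's output-encoding defence against cross-site scripting, so `{% autoescape off %}` on user-supplied text removes that defence entirely (it has nothing to do with SQL injection, which the ORM's parameterised queries handle separately). The safe pattern is to keep autoescaping on and instead sanitize the user's HTML against an allowlist of tags and attributes before it is stored or rendered, then pass only that sanitized string through `mark_safe` (from `django.utils.safestring`) or a custom filter. The allowlist, the tag names and the `sanitize` function below are assumptions chosen for illustration; the sanitizer is built on the standard-library `html.parser` so it runs without Django installed. In a real project a maintained library such as bleach is preferable to a hand-written sanitizer.

```python
from html import escape
from html.parser import HTMLParser

# Constructed allowlist (assumption): only these tags are passed through;
# every other tag is dropped while its text content is kept and escaped.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "a", "ul", "ol", "li", "code"}
# Per-tag attribute allowlist; event handlers (onclick, onerror, ...) are never allowed.
ALLOWED_ATTRS = {"a": {"href", "title"}}
VOID_TAGS = {"br"}
# Tags whose *content* is also discarded, not just the tag itself.
DROP_CONTENT = {"script", "style"}
# URL prefixes accepted for href; rejects javascript:, data:, vbscript: and friends.
SAFE_URL_PREFIXES = ("http://", "https://", "mailto:", "/", "#")


def _safe_url(url):
    return url.strip().lower().startswith(SAFE_URL_PREFIXES)


class AllowlistSanitizer(HTMLParser):
    """Rebuilds the input from parsed events, emitting only allowlisted markup."""

    def __init__(self):
        # convert_charrefs=True means handle_data receives decoded text,
        # which we then re-escape ourselves, so '&lt;script&gt;' stays inert.
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
            return
        if tag not in ALLOWED_TAGS or self.skip_depth:
            return  # drop the tag, keep its (escaped) text content
        parts = [tag]
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue
            if name == "href" and not _safe_url(value):
                continue
            parts.append('%s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<%s>" % " ".join(parts))

    def handle_startendtag(self, tag, attrs):
        # <br/> style tags: emit the start tag and, for non-void tags, a close.
        self.handle_starttag(tag, attrs)
        if tag not in VOID_TAGS:
            self.handle_endtag(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS and not self.skip_depth:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

    def handle_comment(self, data):
        pass  # comments carry no value for display and can hide conditional markup

    def result(self):
        return "".join(self.out)


def sanitize(user_html):
    """Return an allowlist-sanitized HTML string safe to mark as safe in a template."""
    parser = AllowlistSanitizer()
    parser.feed(user_html)
    parser.close()
    return parser.result()


if __name__ == "__main__":
    # Constructed sample of the kind of input a user might submit.
    sample = '<p>Hello <b>world</b></p><script>alert(1)</script>' \
             '<a href="javascript:alert(1)" onclick="x()">click</a>'
    print(sanitize(sample))
```

In a Django view or template filter the sanitized result would be wrapped as `mark_safe(sanitize(var.text))` and rendered with autoescaping left on; the template then never sees raw user markup, and everything outside the allowlist reaches the browser as escaped text rather than as executable content.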