askama_escape Why escape slashes?

[mashedcode]

Sorry, I just don't seem to understand what harm slashes can do in html.

Why does it escape slashes?

[djc]

Because the OWASP recommends doing so.

https://security.stackexchange.com/questions/49852/why-should-xss-filters-escape-forward-slash

[mashedcode]

OWASP Cross Site Scripting Prevention Cheat Sheet
Yes they do indeed.
But not in there XSS Experimental Minimal Encoding Rules.

Furthermore I don't see anyone provide an actual attack on Security Stack Exchange that was enabled due to unescaped /. So I don't agree.

If I agree or not doesn't matter though since the OWASP recommends doing so.
It would still be nice to have a minimal escape version of that function.
The reason for this is that I simply don't want my slashes inside of src and href to be escaped. It's simply useless.

[djc]

You could write your own filter that does more minimal escaping and returns the result as a MarkupDisplay::Safe, I think.