in reply to Input Validation and pattern matching in Template Toolkit
In my view, a template is not the appropriate place to do this. Your application should be regarding its inputs, checking for and defending against various attacks, and, if need be, setting variables in the template context which will cause appropriate HTML (etc.) to be inserted into the output by the template. The template should not be making decisions, or contain application logic.
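
The separation described in the reply above, as an added example that is not part of the original post: the application validates input against allow-list patterns and passes only the outcome to Template Toolkit, which does display and HTML escaping. The field names, the rules and the sample requests are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;

# Hypothetical form fields and their allow-list patterns (assumptions).
# \A and \z anchor the whole value, so a trailing newline cannot slip through.
my %RULES = (
    username => qr/\A[A-Za-z0-9_]{3,20}\z/,
    age      => qr/\A[0-9]{1,3}\z/,
);

# Validation lives in the application, not in the template.
# Returns the accepted values and the names of the fields that failed.
sub validate_input {
    my ($params) = @_;
    my (%clean, @errors);
    for my $field (sort keys %RULES) {
        my $value = $params->{$field};
        if (defined $value && $value =~ $RULES{$field}) {
            $clean{$field} = $value;
        }
        else {
            push @errors, $field;
        }
    }
    return (\%clean, \@errors);
}

# The template only renders what the application decided: no pattern
# matching here, and every value goes through the html filter on output.
my $page = <<'EOT';
[% IF errors.size %]<ul class="errors">
[% FOREACH field IN errors %]  <li>Invalid value for [% field | html %]</li>
[% END %]</ul>
[% ELSE %]<p>Welcome, [% user.username | html %] ([% user.age | html %])</p>
[% END %]
EOT

my $tt = Template->new() or die Template->error();

# Constructed sample requests: one acceptable, one carrying markup.
for my $params (
    { username => 'alice_01', age => '34' },
    { username => '<script>alert(1)</script>', age => '34' },
) {
    my ($clean, $errors) = validate_input($params);
    $tt->process(\$page, { user => $clean, errors => $errors })
        or die $tt->error();
}
```

The rejected value is never placed in the template context, so the second request renders only the field name in the error list.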