Same topic, related formats. Practice these next.
Same topic, related formats. Practice these next.
Tokenize user content with add_special_tokens=False so strings like <|system|> stay literal text instead of becoming the real special token ids that break the trust boundary.
Imagine a theater where saying the phrase 'lights out' really kills the stage lights, because the crew is trained to obey it. Now a heckler in the audience shouts 'lights out' and the room goes dark, because the crew could not tell the heckler apart from the director. The fix is a rule: anything an audience member says is just words, never a command. In a language model, the dangerous command-words are special tokens like the system marker. Setting add_special_tokens to False is that rule, so a marker typed by a user is treated as plain text rather than a real instruction the model obeys.
Everything you need to truly understand this topic: intuition, mechanics, step by step explanation, code, formulas, and worked example. Click to expand.
Everything you need to truly understand this topic: intuition, mechanics, step by step explanation, code, formulas, and worked example.
Everything important, quickly.
2-3 min: what add_special_tokens does + default True is unsafe + why escape_html misses the layer + apply_chat_template pairing + structural separation as defense in depth.
Real products, models, and research that use this idea.
What an interviewer would ask next. Try answering before peeking at the approach.
Red flags and common mistakes that signal junior thinking. Click to expand.
Picking a plausible-sounding flag like sanitize_special_tokens or escape_html. Those are not real tokenizer parameters; the real knob is add_special_tokens.
The night-before-the-interview bullets. Scan these on the way to the call.
Primary sources. Skim if you want the original framing.