|- app.py
|- templates/
   |- index.html
(app.py)
#!/usr/bin/python3
# -*- coding: utf-8 -*-
import html
import os
import secrets

from flask import Flask, render_template, url_for, flash,redirect
from flask_wtf import FlaskForm
from wtforms import StringField, PasswordField, SubmitField
from wtforms.validators import DataRequired, Length
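app = Flask(__name__)
# SECRET_KEY signs the session cookie (which also carries flash() messages)
# and, by default, Flask-WTF's CSRF tokens, so it must not be a literal that
# ships with the source. Read it from the environment instead. When the
# variable is unset, fall back to a random per-process key: sessions and
# pending CSRF tokens then stop validating after a restart, and several
# worker processes would not share a key, so set SECRET_KEY explicitly for
# anything beyond a local run.
app.config['SECRET_KEY'] = os.environ.get('SECRET_KEY') or secrets.token_hex(32)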
class Message(FlaskForm):
    """Form with a username field, a password field and a submit button.

    Both text inputs are required and must be 2 to 5 characters long.
    """

    username = StringField(
        label='username',
        validators=[DataRequired(), Length(min=2, max=5)],
    )
    password = PasswordField(
        label='password',
        validators=[DataRequired(), Length(min=2, max=5)],
    )
    submit = SubmitField(label='Check Up')
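@app.route('/', methods=['GET', 'POST'])
def form():
    """Show the check-up form and, after a valid POST, the submitted values.

    A GET, or a POST that fails validation, renders ``index.html`` with the
    form (and its field errors, if any). A valid POST renders the same
    template with ``result`` filled in.

    The result is rendered in the POST response instead of being handed to
    ``redirect(url_for('form', result=...))``: the redirect copied the
    username and the password into the query string, where they are kept in
    browser history and in access logs.
    """
    message_form = Message()
    if message_form.validate_on_submit():
        # The 'success' category becomes the Bootstrap class "alert-success"
        # in the template.
        flash(f'Found the result for {message_form.username.data}', 'success')
        # index.html prints ``result`` through ``| safe`` (autoescaping off),
        # so the user-supplied values are HTML-escaped before they are placed
        # in the markup. Echoing the password back is for demonstration only.
        result = '<h1>The username is {}. <br>The password is {}.</h1>'.format(
            html.escape(message_form.username.data),
            html.escape(message_form.password.data),
        )
        return render_template("index.html", form=message_form, result=result)
    return render_template("index.html", form=message_form)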
# Run only when executed as a script, not when imported as a module.
if __name__ == "__main__":
    # Starts Flask's built-in server with its default host, port and debug
    # settings.
    app.run()
(index.html)
{# The form posts back to the URL that served it (empty action). #}
<form method="POST" action="">
{# hidden_tag() renders the form's hidden fields; with FlaskForm that includes the CSRF token. #}
{{ form.hidden_tag() }}
{{ form.username.label }}
{# With validation errors: render the field with Bootstrap's is-invalid class and list each error. #}
{% if form.username.errors %}
{{ form.username(class="form-control form-control-lg is-invalid") }}
<div class="invalid-feedback">
{% for error in form.username.errors %}
<span>{{ error }}</span>
{% endfor %}
</div>
{% else %}
{{ form.username }}
{% endif %}
{{ form.password.label}}
{# Same error handling as the username field. #}
{% if form.password.errors %}
{{ form.password(class="form-control form-control-lg is-invalid") }}
<div class="invalid-feedback">
{% for error in form.password.errors %}
<span>{{ error }}</span>
{% endfor %}
</div>
{% else %}
{{ form.password}}
{% endif %}
<div class="form-group">
{{ form.submit() }}
</div>
</form>
{# Flashed messages: the category passed to flash() selects the Bootstrap alert class. #}
{% with messages = get_flashed_messages(with_categories=true) %}
{% if messages %}
{% for category, message in messages %}
<div class="alert alert-{{ category}}">
{{ message}}
</div>
{% endfor %}
{% endif %}
{% endwith%}
{# "| safe" switches autoescaping off for result, so it is emitted as raw HTML.
   Whichever view supplies result must HTML-escape any user input it contains. #}
{{ result | safe}}
=======
resultの内容（ユーザー名とパスワードを含む）がURLのクエリ文字列に反映されてしまう。URLはブラウザの履歴やサーバーのアクセスログに残るため、要修正。
http://127.0.0.1:5000/?result=%3Ch1%3EThe+username+is+123.+%3Cbr%3EThe+password+is+3333.%3C%2Fh1%3E