Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/pallets/markupsafe

Safely add untrusted strings to HTML/XML markup.
https://github.com/pallets/markupsafe

html html-escape jinja markupsafe pallets python template-engine

Last synced: about 1 month ago
JSON representation

Safely add untrusted strings to HTML/XML markup.

Awesome Lists containing this project

README 

        
# MarkupSafe



MarkupSafe implements a text object that escapes characters so it is

safe to use in HTML and XML. Characters that have special meanings are

replaced so that they display as the actual characters. This mitigates

injection attacks, meaning untrusted user input can safely be displayed

on a page.



## Examples



```pycon

>>> from markupsafe import Markup, escape



>>> # escape replaces special characters and wraps in Markup

>>> escape("alert(document.cookie);")

Markup('<script>alert(document.cookie);</script>')



>>> # wrap in Markup to mark text "safe" and prevent escaping

>>> Markup("Hello")

Markup('hello')



>>> escape(Markup("Hello"))

Markup('hello')



>>> # Markup is a str subclass

>>> # methods and operators escape their arguments

>>> template = Markup("Hello {name}")

>>> template.format(name='"World"')

Markup('Hello "World"')

```



## Donate



The Pallets organization develops and supports MarkupSafe and other

popular packages. In order to grow the community of contributors and

users, and allow the maintainers to devote more time to the projects,

[please donate today][].



[please donate today]: https://palletsprojects.com/donate