Markupsafe Save

Safely add untrusted strings to HTML/XML markup.

Project README

MarkupSafe

MarkupSafe implements a text object that escapes characters so it is safe to use in HTML and XML. Characters that have special meanings are replaced so that they display as the actual characters. This mitigates injection attacks, meaning untrusted user input can safely be displayed on a page.

Examples

>>> from markupsafe import Markup, escape

>>> # escape replaces special characters and wraps in Markup
>>> escape("<script>alert(document.cookie);</script>")
Markup('<script>alert(document.cookie);</script>')

>>> # wrap in Markup to mark text "safe" and prevent escaping
>>> Markup("<strong>Hello</strong>")
Markup('<strong>hello</strong>')

>>> escape(Markup("<strong>Hello</strong>"))
Markup('<strong>hello</strong>')

>>> # Markup is a str subclass
>>> # methods and operators escape their arguments
>>> template = Markup("Hello <em>{name}</em>")
>>> template.format(name='"World"')
Markup('Hello <em>"World"</em>')

Donate

The Pallets organization develops and supports MarkupSafe and other popular packages. In order to grow the community of contributors and users, and allow the maintainers to devote more time to the projects, please donate today.

Open Source Agenda is not affiliated with "Markupsafe" Project. README Source: pallets/markupsafe

Stars

616

Open Issues

Last Commit

2 days ago

Repository

pallets/markupsafe

License

BSD-3-Clause

Homepage

https://markupsafe.palletsprojects.com

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/markupsafe"><img src="https://www.opensourceagenda.com/projects/markupsafe/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022