Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 833 Commits
.devcontainer		.devcontainer
.github		.github
docs		docs
src/markupsafe		src/markupsafe
tests		tests
.editorconfig		.editorconfig
.gitignore		.gitignore
.pre-commit-config.yaml		.pre-commit-config.yaml
.readthedocs.yaml		.readthedocs.yaml
CHANGES.rst		CHANGES.rst
LICENSE.txt		LICENSE.txt
MANIFEST.in		MANIFEST.in
README.md		README.md
bench.py		bench.py
pyproject.toml		pyproject.toml
setup.py		setup.py
uv.lock		uv.lock

Repository files navigation

MarkupSafe

MarkupSafe implements a text object that escapes characters so it issafe to use in HTML and XML. Characters that have special meanings arereplaced so that they display as the actual characters. This mitigatesinjection attacks, meaning untrusted user input can safely be displayedon a page.

Examples

>>>from markupsafeimport Markup, escape>>># escape replaces special characters and wraps in Markup>>> escape("<script>alert(document.cookie);</script>")Markup('&lt;script&gt;alert(document.cookie);&lt;/script&gt;')>>># wrap in Markup to mark text "safe" and prevent escaping>>> Markup("<strong>Hello</strong>")Markup('<strong>hello</strong>')>>> escape(Markup("<strong>Hello</strong>"))Markup('<strong>hello</strong>')>>># Markup is a str subclass>>># methods and operators escape their arguments>>> template= Markup("Hello <em>{name}</em>")>>> template.format(name='"World"')Markup('Hello <em>&#34;World&#34;</em>')

Donate

The Pallets organization develops and supports MarkupSafe and otherpopular packages. In order to grow the community of contributors andusers, and allow the maintainers to devote more time to the projects,please donate today.

Contributing

See ourdetailed contributing documentation for many ways tocontribute, including reporting issues, requesting features, asking or answeringquestions, and making PRs.