Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 804 Commits
.devcontainer		.devcontainer
.github		.github
docs		docs
requirements		requirements
src/markupsafe		src/markupsafe
tests		tests
.editorconfig		.editorconfig
.gitignore		.gitignore
.pre-commit-config.yaml		.pre-commit-config.yaml
.readthedocs.yaml		.readthedocs.yaml
CHANGES.rst		CHANGES.rst
CONTRIBUTING.rst		CONTRIBUTING.rst
LICENSE.txt		LICENSE.txt
MANIFEST.in		MANIFEST.in
README.md		README.md
bench.py		bench.py
pyproject.toml		pyproject.toml
setup.py		setup.py
tox.ini		tox.ini

Repository files navigation

MarkupSafe

MarkupSafe implements a text object that escapes characters so it issafe to use in HTML and XML. Characters that have special meanings arereplaced so that they display as the actual characters. This mitigatesinjection attacks, meaning untrusted user input can safely be displayedon a page.

Examples

>>>from markupsafeimport Markup, escape>>># escape replaces special characters and wraps in Markup>>> escape("<script>alert(document.cookie);</script>")Markup('&lt;script&gt;alert(document.cookie);&lt;/script&gt;')>>># wrap in Markup to mark text "safe" and prevent escaping>>> Markup("<strong>Hello</strong>")Markup('<strong>hello</strong>')>>> escape(Markup("<strong>Hello</strong>"))Markup('<strong>hello</strong>')>>># Markup is a str subclass>>># methods and operators escape their arguments>>> template= Markup("Hello <em>{name}</em>")>>> template.format(name='"World"')Markup('Hello <em>&#34;World&#34;</em>')

Donate

The Pallets organization develops and supports MarkupSafe and otherpopular packages. In order to grow the community of contributors andusers, and allow the maintainers to devote more time to the projects,please donate today.