MarkupSafe

MarkupSafe escapes characters so text is safe to use in HTML and XML. Characters that have special meanings are replaced so that they display as the actual characters. This mitigates injection attacks, meaning untrusted user input can safely be displayed on a page.

The escape() function escapes text and returns a Markup object. The object won’t be escaped anymore, but any text that is used with it will be, ensuring that the result remains safe to use in HTML.

>>> from markupsafe import escape
>>> hello = escape("<em>Hello</em>")
>>> hello
Markup('&lt;em&gt;Hello&lt;/em&gt;')
>>> escape(hello)
Markup('&lt;em&gt;Hello&lt;/em&gt;')
>>> hello + " <strong>World</strong>"
Markup('&lt;em&gt;Hello&lt;/em&gt; &lt;strong&gt;World&lt;/strong&gt;')

Installing

Install and update using pip:

pip install -U MarkupSafe

Table of Contents

• Working With Safe Text
  • escape()
  • Markup
  • Optional Values
  • Convert an Object to a String
• HTML Representations
• String Formatting
  • Format Method
  • printf-style Formatting
• BSD-3-Clause License
• Changes
  • Version 3.0.2
  • Version 3.0.1
  • Version 3.0.0
  • Version 2.1.5
  • Version 2.1.4
  • Version 2.1.3
  • Version 2.1.2
  • Version 2.1.1
  • Version 2.1.0
  • Version 2.0.1
  • Version 2.0.0
  • Version 1.1.1
  • Version 1.1.0
  • Version 1.0
  • Version 0.18
  • Version 0.17
  • Version 0.16
  • Version 0.15
  • Version 0.14
  • Version 0.13
  • Version 0.12