pallets/markupsafe


Safely add untrusted strings to HTML/XML markup.

https://palletsprojects.com/p/markupsafe/

License: BSD-3-Clause

Language: Python

Keywords: html, html-escape, jinja, markupsafe, python, template-engine


MarkupSafe

MarkupSafe implements a text object that escapes characters so it is safe to use in HTML and XML. Characters that have special meanings are replaced so that they display as the actual characters. This mitigates injection attacks, meaning untrusted user input can safely be displayed on a page.

Installing

Install and update using pip:

pip install -U MarkupSafe

Examples

>>> from markupsafe import Markup, escape
>>> # escape replaces special characters and wraps in Markup
>>> escape('<script>alert(document.cookie);</script>')
Markup(u'&lt;script&gt;alert(document.cookie);&lt;/script&gt;')
>>> # wrap in Markup to mark text "safe" and prevent escaping
>>> Markup('<strong>Hello</strong>')
Markup('<strong>hello</strong>')
>>> escape(Markup('<strong>Hello</strong>'))
Markup('<strong>hello</strong>')
>>> # Markup is a text subclass (str on Python 3, unicode on Python 2)
>>> # methods and operators escape their arguments
>>> template = Markup("Hello <em>%s</em>")
>>> template % '"World"'
Markup('Hello <em>&#34;World&#34;</em>')

Donate

The Pallets organization develops and supports MarkupSafe and other libraries that use it. In order to grow the community of contributors and users, and allow the maintainers to devote more time to the projects, please donate today.

Links

Project Statistics

Sourcerank 17
Repository Size 174 KB
Stars 245
Forks 75
Watchers 20
Open issues 1
Dependencies 2
Contributors 23
Tags 19
Created
Last updated
Last pushed

Top Contributors See all

Armin Ronacher David Lord Inada Naoki Daw-Ran Liou Hugo Buck Evan Alice Zoë Bevan–McGregor Greg Back Christoph Zwerschke José Carlos García Ryan Siemens Ronny Pfannschmidt Matthew Brett Hsiaoming Yang Maarten ter Huurne Dan Roberts Richard O'Dwyer Florian Bruhin Adam Johnson Douglas Thor

Packages Referencing this Repo

MarkupSafe
Safely add untrusted strings to HTML/XML markup.
Latest release 1.1.1 - Updated - 245 stars
MarkupSafe-slow
Implements a XML/HTML/XHTML Markup safe string for Python
Latest release 1.0 - Published - 245 stars

Recent Tags See all

1.1.1 February 23, 2019
1.1.0 November 05, 2018
1.0 March 07, 2017
0.23 May 08, 2014
0.22 May 08, 2014
0.21 April 17, 2014
0.20 April 17, 2014
0.19 March 06, 2014
0.18 May 22, 2013
0.17 May 21, 2013
0.16 May 20, 2013
0.15 July 20, 2011
0.14 July 20, 2011
0.13 July 20, 2011
0.12 February 17, 2011

Interesting Forks See all

alex/markupsafe
A Python module that implements the jinja2.Markup string
Python - BSD-3-Clause - Last pushed - 3 stars - 1 forks

Something wrong with this page? Make a suggestion

Last synced: 2019-02-24 01:32:27 UTC

Login to resync this repository