Skip to content

Latest commit

 

History

History
53 lines (37 loc) · 1.27 KB

index.rst

File metadata and controls

53 lines (37 loc) · 1.27 KB
Raw
.. currentmodule:: markupsafe

MarkupSafe

MarkupSafe escapes characters so text is safe to use in HTML and XML. Characters that have special meanings are replaced so that they display as the actual characters. This mitigates injection attacks, meaning untrusted user input can safely be displayed on a page.

The :func:`escape` function escapes text and returns a :class:`Markup` object. The object won't be escaped anymore, but any text that is used with it will be, ensuring that the result remains safe to use in HTML.

>>> from markupsafe import escape
>>> hello = escape('<em>Hello</em>')
>>> hello
Markup('&lt;em&gt;Hello&lt;/em&gt;')
>>> escape(hello)
Markup('&lt;em&gt;Hello&lt;/em&gt;')
>>> hello + ' <strong>World</strong>'
Markup('&lt;em&gt;Hello&lt;/em&gt; &lt;strong&gt;World&lt;/strong&gt;')

Note

The docs assume you're using Python 3. The terms "text" and "string" refer to the :class:`str` class. In Python 2, this would be the unicode class instead.

Installing

Install and update using pip:

pip install -U MarkupSafe

Table of Contents

.. toctree::
    :maxdepth: 2

    escaping
    html
    formatting
    license
    changes