diff --git a/python/flask/security/xss/audit/explicit-unescape-with-markup.yaml b/python/flask/security/xss/audit/explicit-unescape-with-markup.yaml
index d602fc8d49..ddd207ce1a 100644
--- a/python/flask/security/xss/audit/explicit-unescape-with-markup.yaml
+++ b/python/flask/security/xss/audit/explicit-unescape-with-markup.yaml
@@ -17,7 +17,11 @@ rules:
 - python
 severity: WARNING
 pattern-either:
- - pattern: flask.Markup(...)
+ - pattern: flask.Markup($Q)
 - pattern: flask.Markup.unescape(...)
- - pattern: markupsafe.Markup(...)
+ - pattern: markupsafe.Markup($Q)
 - pattern: $MARKUPOBJ.unescape()
+ - metavariable-pattern:
+ metavariable: $Q
+ patterns:
+ - pattern-not: '"..."'
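Review bot: The added `metavariable-pattern` block appears to be a list item of `pattern-either` rather than of an enclosing `patterns:` list, and Semgrep treats `pattern-either` entries as alternatives, so a filter on `$Q` placed there would not constrain the `flask.Markup($Q)` / `markupsafe.Markup($Q)` alternatives (indentation was lost in this hunk, so this needs checking against the file; the rule's `patterns:` wrapper, if any, starts above line 17). The filter should sit in a `patterns:` list next to the `pattern-either`, and since the `.unescape(...)` alternatives never bind `$Q`, confirm how Semgrep applies a `metavariable-pattern` to an unbound metavariable before relying on it. Note also that `'"..."'` excludes only plain string literals, not f-strings or concatenations, and that `Markup($Q)` now requires exactly one argument where `Markup(...)` matched any arity; a short comment such as `# Literal-only Markup("...") cannot carry untrusted input; keep flagging variable arguments` would record the intent. Unless the rule's test file is updated elsewhere in the commit, add `# ok:` and `# ruleid:` cases for a literal and a variable argument so the narrowing is pinned.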