Pattern: Potential XSS on markupsafe.Markup
Issue: -
markupsafe.Markup does not perform any escaping: it marks a string as HTML that is already safe. Passing dynamic content into it, such as an f-string, a variable or an interpolated string, therefore potentially leads to XSS vulnerabilities, especially if that data was submitted by users. Instead, build the markupsafe.Markup object from a static template and interpolate into it (with the % operator or .format()), which escapes the arguments, or escape the value first with markupsafe.escape.
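The vulnerable construction beside the three safe ones, as an added example that is not part of the original rule text. The user-controlled input is a constructed sample, and the render_* function names are assumptions made for this illustration:

```python
from markupsafe import Markup, escape

# Constructed sample: a display name that an attacker submitted (assumption).
USER_INPUT = '<script>alert("xss")</script>'


def render_unsafe(name: str) -> str:
    """Vulnerable: the f-string is evaluated first, so Markup() wraps raw
    user data and marks it as already-safe HTML. Nothing is escaped."""
    return str(Markup(f"<p>Hello, {name}!</p>"))


def render_via_format(name: str) -> str:
    """Safe: the template is static and the user value is interpolated
    *through* the Markup object. Markup.format() escapes every argument
    that is not itself Markup (i.e. that has no __html__ method)."""
    return str(Markup("<p>Hello, {}!</p>").format(name))


def render_via_percent(name: str) -> str:
    """Safe: Markup's % operator escapes its operands the same way."""
    return str(Markup("<p>Hello, %s!</p>") % name)


def render_via_escape(name: str) -> str:
    """Safe: escape() returns a Markup object, and escaping a Markup object
    again is a no-op, so interpolating it does not double-escape."""
    safe_name = escape(name)
    return str(Markup("<p>Hello, %s!</p>") % safe_name)


def render_trusted_fragment(fragment: Markup) -> str:
    """Markup values pass through .format() unescaped. This is the intended
    use for fragments your own code built, and also why wrapping user data
    in Markup() (as render_unsafe does) defeats the escaping downstream."""
    return str(Markup("<div>{}</div>").format(fragment))


if __name__ == "__main__":
    print("unsafe :", render_unsafe(USER_INPUT))
    print("format :", render_via_format(USER_INPUT))
    print("percent:", render_via_percent(USER_INPUT))
    print("escape :", render_via_escape(USER_INPUT))
```

Note the ordering rule that makes the first function vulnerable: in `Markup(f"...{name}...")` the interpolation happens before Markup sees the string, so the whole result is trusted. In the safe variants Markup sees only the literal template, and the interpolation is performed by Markup, which escapes anything that is not already Markup.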