MarkupSafe
==========

MarkupSafe implements a text object that escapes characters so it is
safe to use in HTML and XML. Characters that have special meanings are
replaced so that they display as the actual characters. This mitigates
injection attacks, meaning untrusted user input can safely be displayed
on a page.


Installing
----------

Install and update using `pip`_:

.. code-block:: text

    pip install -U MarkupSafe

.. _pip: https://pip.pypa.io/en/stable/quickstart/


Examples
--------

.. code-block:: pycon

    >>> from markupsafe import Markup, escape

    >>> # escape replaces special characters and wraps in Markup
    >>> escape("<script>alert(document.cookie);</script>")
    Markup('&lt;script&gt;alert(document.cookie);&lt;/script&gt;')

    >>> # wrap in Markup to mark text "safe" and prevent escaping
    >>> Markup("<strong>Hello</strong>")
    Markup('<strong>Hello</strong>')

    >>> # text that is already Markup is not escaped again
    >>> escape(Markup("<strong>Hello</strong>"))
    Markup('<strong>Hello</strong>')

    >>> # Markup is a str subclass
    >>> # methods and operators escape their arguments
    >>> template = Markup("Hello <em>{name}</em>")
    >>> template.format(name='"World"')
    Markup('Hello <em>&#34;World&#34;</em>')


Donate
------

The Pallets organization develops and supports MarkupSafe and other
popular packages. In order to grow the community of contributors and
users, and allow the maintainers to devote more time to the projects,
`please donate today`_.

.. _please donate today: https://palletsprojects.com/donate


Links
-----

- Documentation: https://markupsafe.palletsprojects.com/
- Changes: https://markupsafe.palletsprojects.com/changes/
- PyPI Releases: https://pypi.org/project/MarkupSafe/
- Source Code: https://github.com/pallets/markupsafe/
- Issue Tracker: https://github.com/pallets/markupsafe/issues/
- Website: https://palletsprojects.com/p/markupsafe/
- Twitter: https://twitter.com/PalletsTeam
- Chat: https://discord.gg/pallets
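
Expanding on the Examples section above, this added example (not code from the MarkupSafe project) shows where the trust boundary sits: wrapping an already-interpolated string in ``Markup`` disables escaping, while ``format()``, ``join()`` and ``+`` on a ``Markup`` template escape plain ``str`` arguments. The ``render_*`` helpers, ``UserBadge`` and the sample values are hypothetical names constructed for illustration.

```python
from markupsafe import Markup, escape

# Constructed sample: the untrusted string from the README's own example.
UNTRUSTED = "<script>alert(document.cookie);</script>"
# Constructed sample list: one plain str (untrusted) and one Markup (trusted).
SAMPLE_ITEMS = ["a & b", Markup("<b>ok</b>")]


def render_unsafe(comment):
    # Anti-pattern: the f-string interpolates first, so Markup() marks the
    # whole string, untrusted part included, as safe.
    return Markup(f"<p>{comment}</p>")


def render_safe(comment):
    # Only the literal template is trusted; format() escapes its arguments.
    return Markup("<p>{comment}</p>").format(comment=comment)


def render_list(items):
    # join() and + escape plain str operands and leave Markup operands alone.
    body = Markup("</li><li>").join(items)
    return Markup("<ul><li>") + body + Markup("</li></ul>")


class UserBadge:
    """Hypothetical type using the __html__ protocol: escape() trusts what
    __html__() returns, so that method must escape its own fields."""

    def __init__(self, name):
        self.name = name

    def __html__(self):
        return Markup("<span class='badge'>{}</span>").format(self.name)


def render_badge(name):
    return escape(UserBadge(name))


if __name__ == "__main__":
    print("unsafe:", render_unsafe(UNTRUSTED))
    print("safe:  ", render_safe(UNTRUSTED))
    print("list:  ", render_list(SAMPLE_ITEMS))
    print("badge: ", render_badge(UNTRUSTED))
    # Escaping existing Markup is a no-op, so nothing is double-escaped.
    print("idempotent:", escape(escape(UNTRUSTED)) == escape(UNTRUSTED))
```

When reviewing code that uses MarkupSafe, the calls worth auditing are the ones that construct ``Markup`` from anything other than a string literal.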