75 lines
2.6 KiB
Plaintext
75 lines
2.6 KiB
Plaintext
Metadata-Version: 2.4
|
|
Name: MarkupSafe
|
|
Version: 3.0.3
|
|
Summary: Safely add untrusted strings to HTML/XML markup.
|
|
Maintainer-email: Pallets <contact@palletsprojects.com>
|
|
License-Expression: BSD-3-Clause
|
|
Project-URL: Donate, https://palletsprojects.com/donate
|
|
Project-URL: Documentation, https://markupsafe.palletsprojects.com/
|
|
Project-URL: Changes, https://markupsafe.palletsprojects.com/page/changes/
|
|
Project-URL: Source, https://github.com/pallets/markupsafe/
|
|
Project-URL: Chat, https://discord.gg/pallets
|
|
Classifier: Development Status :: 5 - Production/Stable
|
|
Classifier: Environment :: Web Environment
|
|
Classifier: Intended Audience :: Developers
|
|
Classifier: Operating System :: OS Independent
|
|
Classifier: Programming Language :: Python
|
|
Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
|
|
Classifier: Topic :: Text Processing :: Markup :: HTML
|
|
Classifier: Typing :: Typed
|
|
Requires-Python: >=3.9
|
|
Description-Content-Type: text/markdown
|
|
License-File: LICENSE.txt
|
|
Dynamic: license-file
|
|
|
|
<div align="center"><img src="https://raw.githubusercontent.com/pallets/markupsafe/refs/heads/stable/docs/_static/markupsafe-name.svg" alt="" height="150"></div>
|
|
|
|
# MarkupSafe
|
|
|
|
MarkupSafe implements a text object that escapes characters so it is
|
|
safe to use in HTML and XML. Characters that have special meanings are
|
|
replaced so that they display as the actual characters. This mitigates
|
|
injection attacks, meaning untrusted user input can safely be displayed
|
|
on a page.
|
|
|
|
|
|
## Examples
|
|
|
|
```pycon
|
|
>>> from markupsafe import Markup, escape
|
|
|
|
>>> # escape replaces special characters and wraps in Markup
|
|
>>> escape("<script>alert(document.cookie);</script>")
|
|
Markup('<script>alert(document.cookie);</script>')
|
|
|
|
>>> # wrap in Markup to mark text "safe" and prevent escaping
|
|
>>> Markup("<strong>Hello</strong>")
|
|
Markup('<strong>hello</strong>')
|
|
|
|
>>> escape(Markup("<strong>Hello</strong>"))
|
|
Markup('<strong>hello</strong>')
|
|
|
|
>>> # Markup is a str subclass
|
|
>>> # methods and operators escape their arguments
|
|
>>> template = Markup("Hello <em>{name}</em>")
|
|
>>> template.format(name='"World"')
|
|
Markup('Hello <em>"World"</em>')
|
|
```
|
|
|
|
## Donate
|
|
|
|
The Pallets organization develops and supports MarkupSafe and other
|
|
popular packages. In order to grow the community of contributors and
|
|
users, and allow the maintainers to devote more time to the projects,
|
|
[please donate today][].
|
|
|
|
[please donate today]: https://palletsprojects.com/donate
|
|
|
|
## Contributing
|
|
|
|
See our [detailed contributing documentation][contrib] for many ways to
|
|
contribute, including reporting issues, requesting features, asking or answering
|
|
questions, and making PRs.
|
|
|
|
[contrib]: https://palletsprojects.com/contributing/
|