How to use the markupsafe.Markup.escape function in MarkupSafe
To help you get started, we’ve selected a few MarkupSafe examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
liberapay / liberapay.com / tests / py / test_payins.py View on Github 
def test_03_payin_stripe_sdd_one_to_many(self):
self.db.run("ALTER SEQUENCE payins_id_seq RESTART WITH %s", (self.offset,))
self.db.run("ALTER SEQUENCE payin_transfers_id_seq RESTART WITH %s", (self.offset,))
self.add_payment_account(self.creator_1, 'stripe', id=self.acct_switzerland.id)
self.add_payment_account(self.creator_3, 'stripe')
self.add_payment_account(self.creator_3, 'paypal')
tip1 = self.donor.set_tip_to(self.creator_1, EUR('12.00'))
tip3 = self.donor.set_tip_to(self.creator_3, EUR('12.00'))
# 1st request: test getting the payment pages
expected_uri = '/donor/giving/pay/stripe/?beneficiary=%i,%i&method=sdd' % (
self.creator_1.id, self.creator_3.id
)
r = self.client.GET('/donor/giving/pay/', auth_as=self.donor)
assert r.code == 200, r.text
assert str(Markup.escape(expected_uri)) in r.text
r = self.client.GET(expected_uri, auth_as=self.donor)
assert r.code == 200, r.text
# 2nd request: prepare the payment
sepa_direct_debit_token = stripe.Token.create(bank_account=dict(
country='FR',
currency='EUR',
account_number='FR1420041010050500013M02606',
account_holder_name='Jane Doe',
))
form_data = {
'amount': '100.00',
'currency': 'EUR',
'keep': 'true',
'tips': '%i,%i' % (tip1['id'], tip3['id']),
'token': sepa_direct_debit_token.id,mod.__path__ = [filename.rsplit('/', 1)[0]]
exec source in mod.__dict__
return mod
def install_hook():
sys.path_hooks.append(GithubImporter)
if __name__ == '__main__':
install_hook()
sys.path.append('github://mitsuhiko/markupsafe')
import markupsafe
print markupsafe.__file__
print markupsafe.Markup.escape('')def __html__(self):
ctx = get_ctx()
# If we're in a nested render, we disable the rendering here or we
# risk a recursion error.
if ctx is None or self in ctx.flow_block_render_stack:
return Markup.escape(repr(self))
ctx.flow_block_render_stack.append(self)
try:
try:
return self.pad.db.env.render_template(
['blocks/%s.html' % self._data['_flowblock'],
'blocks/default.html'],
pad=self.pad,
this=self,
alt=self.record.alt,
values={'record': self.record}
)
except TemplateNotFound:
return Markup('[could not find snippet template]')
finally:
ctx.flow_block_render_stack.pop()button.append('<input name="file" type="file" class="fileupload">'
'<div class="form-upload-progress"> '
'<div aria-valuemax="100" aria-valuemin="0" role="progressbar" class="form-upload-progress-bar"> '
'</div> '
'</div>'.format(url=upload_url,
name=field.name,
slug=field.name.replace('oid', 'slug'),
token=Markup.escape(current_user.id),
file_format=Markup.escape(file_format_regex)))
button.append('')
return HTMLString(html + ''.join(button))def __html__(self):
ctx = get_ctx()
# If we're in a nested render, we disable the rendering here or we
# risk a recursion error.
if ctx is None or self in ctx.flow_block_render_stack:
return Markup.escape(repr(self))
ctx.flow_block_render_stack.append(self)
try:
try:
return self.pad.db.env.render_template(
['blocks/%s.html' % self._data['_flowblock'],
'blocks/default.html'],
pad=self.pad,
this=self,
alt=self.record.alt,
values={'record': self.record}
)
except TemplateNotFound:
return Markup('[could not find snippet template]')
finally:
ctx.flow_block_render_stack.pop()def render_and_scrub(markdown):
"""Given markdown, return a Markup with tags stripped and everything else
escaped.
"""
return Markup.escape(render(markdown).striptags())def __html__(self):
ctx = get_ctx()
# If we're in a nested render, we disable the rendering here or we
# risk a recursion error.
if ctx is None or self in ctx.flow_block_render_stack:
return Markup.escape(repr(self))
ctx.flow_block_render_stack.append(self)
try:
try:
return self.pad.db.env.render_template(
['blocks/%s.html' % self._data['_flowblock'],
'blocks/default.html'],
pad=self.pad,
this=self,
alt=self.record.alt,
values={'record': self.record}
)
except TemplateNotFound:
return Markup('[could not find snippet template]')
finally:
ctx.flow_block_render_stack.pop()"""Whitelist specific HTML tags and strings.
Positional arguments:
value -- the string to perform the operation on.
Returns:
Markup() instance, indicating the string is safe.
"""
translations = {
'&quot;': '"',
'&#39;': ''',
'&lsquo;': '‘',
'&nbsp;': ' ',
'<br>': '<br>',
}
escaped = str(Markup.escape(value)) # Escapes everything.
for k, v in translations.items():
escaped = escaped.replace(k, v) # Un-escape specific elements using str.replace.
return Markup(escaped) # Return as 'safe'.
def whitelist(value: str) -> Markup:
"""Whitelist specific HTML tags and strings.
Positional arguments:
value -- the string to perform the operation on.
Returns:
Markup() instance, indicating the string is safe.
"""
translations = {
'&quot;': '"',
'&#39;': ''',
'&lsquo;': '‘',
'&nbsp;': ' ',
'<br>': '<br>',
}
escaped = str(Markup.escape(value)) # Escapes everything.
for k, v in translations.items():
escaped = escaped.replace(k, v) # Un-escape specific elements using str.replace.
return Markup(escaped) # Return as 'safe'.MarkupSafe
Safely add untrusted strings to HTML/XML markup.
Package Health Score
94 / 100Popular MarkupSafe functions
- markupsafe._compat.iteritems
- markupsafe._compat.string_types
- markupsafe._compat.text_type
- markupsafe._compat.text_type.__mod__
- markupsafe._compat.text_type.__mul__
- markupsafe._compat.text_type.__new__
- markupsafe._compat.text_type.__repr__
- markupsafe._compat.text_type.join
- markupsafe._compat.text_type.partition
- markupsafe._compat.text_type.rpartition
- markupsafe._compat.text_type.rsplit
- markupsafe._compat.text_type.split
- markupsafe._compat.text_type.splitlines
- markupsafe._compat.unichr
- markupsafe.escape
- markupsafe.escape_silent
- markupsafe.EscapeFormatter
- markupsafe.EscapeFormatter.__init__
- markupsafe.Markup
- markupsafe.Markup.escape