How to use the markupsafe.Markup.escape function in MarkupSafe

To help you get started, we’ve selected a few MarkupSafe examples, based on popular ways it is used in public projects.


github liberapay / liberapay.com / tests / py / test_payins.py View on Github external
def test_03_payin_stripe_sdd_one_to_many(self):
        self.db.run("ALTER SEQUENCE payins_id_seq RESTART WITH %s", (self.offset,))
        self.db.run("ALTER SEQUENCE payin_transfers_id_seq RESTART WITH %s", (self.offset,))
        self.add_payment_account(self.creator_1, 'stripe', id=self.acct_switzerland.id)
        self.add_payment_account(self.creator_3, 'stripe')
        self.add_payment_account(self.creator_3, 'paypal')
        tip1 = self.donor.set_tip_to(self.creator_1, EUR('12.00'))
        tip3 = self.donor.set_tip_to(self.creator_3, EUR('12.00'))

        # 1st request: test getting the payment pages
        expected_uri = '/donor/giving/pay/stripe/?beneficiary=%i,%i&method=sdd' % (
            self.creator_1.id, self.creator_3.id
        )
        r = self.client.GET('/donor/giving/pay/', auth_as=self.donor)
        assert r.code == 200, r.text
        assert str(Markup.escape(expected_uri)) in r.text
        r = self.client.GET(expected_uri, auth_as=self.donor)
        assert r.code == 200, r.text

        # 2nd request: prepare the payment
        sepa_direct_debit_token = stripe.Token.create(bank_account=dict(
            country='FR',
            currency='EUR',
            account_number='FR1420041010050500013M02606',
            account_holder_name='Jane Doe',
        ))
        form_data = {
            'amount': '100.00',
            'currency': 'EUR',
            'keep': 'true',
            'tips': '%i,%i' % (tip1['id'], tip3['id']),
            'token': sepa_direct_debit_token.id,
github mitsuhiko / badideas / githubimporter.py View on Github external
mod.__path__ = [filename.rsplit('/', 1)[0]]
        exec source in mod.__dict__
        return mod


def install_hook():
    """Register GithubImporter as a path hook for the import system.

    The hook is appended to the end of ``sys.path_hooks``, so it only
    applies process-wide from the moment this function is called.
    """
    hooks = sys.path_hooks
    hooks.append(GithubImporter)


if __name__ == '__main__':
    # Demo entry point: register the import hook, then import a package from a
    # github:// pseudo-path instead of from the local filesystem.
    install_hook()
    # Not a filesystem path; presumably claimed by GithubImporter through
    # sys.path_hooks -- confirm against the class, which is outside this excerpt.
    sys.path.append('github://mitsuhiko/markupsafe')

    # NOTE(review): the loader fragment earlier in this file runs module source
    # with exec, so this import executes whatever the remote repository serves
    # at import time; no pinning or integrity check is visible in this excerpt.
    import markupsafe
    print markupsafe.__file__
    # Escaping the empty string only shows that the imported package is usable.
    print markupsafe.Markup.escape('')
github lektor / lektor-archive / lektor / types / flow.py View on Github external
def __html__(self):
        """Return the HTML for this flow block (``__html__`` protocol).

        MarkupSafe treats the value returned by ``__html__`` as already-safe
        markup and does not escape it again, so each return path below has
        to produce safe output on its own.
        """
        render_ctx = get_ctx()

        # No active context: nothing to render against. repr() is plain
        # text, so it is escaped before being handed back as markup.
        if render_ctx is None:
            return Markup.escape(repr(self))

        # This block is already being rendered further up the stack; rendering
        # it again would risk a recursion error, so use the same fallback.
        if self in render_ctx.flow_block_render_stack:
            return Markup.escape(repr(self))

        render_ctx.flow_block_render_stack.append(self)
        try:
            # Block-specific template first, then the generic default
            # (presumably tried in that order -- confirm in render_template).
            return self.pad.db.env.render_template(
                ['blocks/%s.html' % self._data['_flowblock'],
                 'blocks/default.html'],
                pad=self.pad,
                this=self,
                alt=self.record.alt,
                values={'record': self.record}
            )
        except TemplateNotFound:
            # Constant placeholder, so wrapping it in Markup is safe.
            return Markup('[could not find snippet template]')
        finally:
            # Always undo the push, whether rendering succeeded or raised.
            render_ctx.flow_block_render_stack.pop()
github armadillica / pillar / pillar / web / utils / forms.py View on Github external
button.append('<input name="file" type="file" class="fileupload">'
                      '<div class="form-upload-progress"> '
                      '<div aria-valuemax="100" aria-valuemin="0" role="progressbar" class="form-upload-progress-bar"> '
                      '</div> '
                      '</div>'.format(url=upload_url,
                                       name=field.name,
                                       slug=field.name.replace('oid', 'slug'),
                                       token=Markup.escape(current_user.id),
                                       file_format=Markup.escape(file_format_regex)))

        button.append('')

        return HTMLString(html + ''.join(button))
github ulope / pyformat.info / vendor / lektor / lektor / types / flow.py View on Github external
def __html__(self):
        """Return the HTML for this flow block (``__html__`` protocol).

        MarkupSafe treats the value returned by ``__html__`` as already-safe
        markup and does not escape it again, so each return path below has
        to produce safe output on its own.
        """
        render_ctx = get_ctx()

        # No active context: nothing to render against. repr() is plain
        # text, so it is escaped before being handed back as markup.
        if render_ctx is None:
            return Markup.escape(repr(self))

        # This block is already being rendered further up the stack; rendering
        # it again would risk a recursion error, so use the same fallback.
        if self in render_ctx.flow_block_render_stack:
            return Markup.escape(repr(self))

        render_ctx.flow_block_render_stack.append(self)
        try:
            # Block-specific template first, then the generic default
            # (presumably tried in that order -- confirm in render_template).
            return self.pad.db.env.render_template(
                ['blocks/%s.html' % self._data['_flowblock'],
                 'blocks/default.html'],
                pad=self.pad,
                this=self,
                alt=self.record.alt,
                values={'record': self.record}
            )
        except TemplateNotFound:
            # Constant placeholder, so wrapping it in Markup is safe.
            return Markup('[could not find snippet template]')
        finally:
            # Always undo the push, whether rendering succeeded or raised.
            render_ctx.flow_block_render_stack.pop()
github gratipay / gratipay.com / gratipay / utils / markdown.py View on Github external
def render_and_scrub(markdown):
    """Render markdown, strip every tag from the result, and return the
    remaining text HTML-escaped as a Markup.
    """
    rendered = render(markdown)
    # Assuming render() returns a Markup: striptags() removes the tags and
    # also unescapes entities, so what comes back is plain text again.
    text_only = rendered.striptags()
    # Escape last, so entities decoded by striptags() cannot turn back into
    # live markup in the output.
    return Markup.escape(text_only)
github lektor / lektor / lektor / types / flow.py View on Github external
def __html__(self):
        """Return the HTML for this flow block (``__html__`` protocol).

        MarkupSafe treats the value returned by ``__html__`` as already-safe
        markup and does not escape it again, so each return path below has
        to produce safe output on its own.
        """
        render_ctx = get_ctx()

        # No active context: nothing to render against. repr() is plain
        # text, so it is escaped before being handed back as markup.
        if render_ctx is None:
            return Markup.escape(repr(self))

        # This block is already being rendered further up the stack; rendering
        # it again would risk a recursion error, so use the same fallback.
        if self in render_ctx.flow_block_render_stack:
            return Markup.escape(repr(self))

        render_ctx.flow_block_render_stack.append(self)
        try:
            # Block-specific template first, then the generic default
            # (presumably tried in that order -- confirm in render_template).
            return self.pad.db.env.render_template(
                ['blocks/%s.html' % self._data['_flowblock'],
                 'blocks/default.html'],
                pad=self.pad,
                this=self,
                alt=self.record.alt,
                values={'record': self.record}
            )
        except TemplateNotFound:
            # Constant placeholder, so wrapping it in Markup is safe.
            return Markup('[could not find snippet template]')
        finally:
            # Always undo the push, whether rendering succeeded or raised.
            render_ctx.flow_block_render_stack.pop()
github Robpol86 / Flask-Large-Application-Example / pypi_portal / middleware.py View on Github external
"""Whitelist specific HTML tags and strings.

    Positional arguments:
    value -- the string to perform the operation on.

    Returns:
    Markup() instance, indicating the string is safe.
    """
    translations = {
        '&amp;quot;': '"',
        '&amp;#39;': ''',
        '&amp;lsquo;': '‘',
        '&amp;nbsp;': '&nbsp;',
        '&lt;br&gt;': '<br>',
    }
    escaped = str(Markup.escape(value))  # Escapes everything.
    for k, v in translations.items():
        escaped = escaped.replace(k, v)  # Un-escape specific elements using str.replace.
    return Markup(escaped)  # Return as 'safe'.
github Salamek / gitlab-tools / gitlab_tools / middleware.py View on Github external
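def whitelist(value: str) -> Markup:
    """Escape ``value``, then restore a fixed allow-list of HTML fragments.

    Positional arguments:
    value -- the string to perform the operation on.

    Returns:
    Markup() instance, indicating the string is safe.
    """
    # Keys are what Markup.escape() yields for input that already contained
    # the entity (or a literal <br>); values are what is put back. The quote
    # entries are restored as entities, never as raw quote characters, so the
    # result cannot close a quoted HTML attribute it is placed in.
    translations = {
        '&amp;quot;': '&quot;',
        '&amp;#39;': '&#39;',
        '&amp;lsquo;': '&lsquo;',
        '&amp;nbsp;': '&nbsp;',
        '&lt;br&gt;': '<br>',
    }
    # Escape first, allow-list second: only the exact strings above can end
    # up unescaped. NOTE: Markup.escape() returns an object that implements
    # __html__ (such as an existing Markup) unchanged, so this step only
    # protects when ``value`` is a plain, not-yet-trusted string.
    escaped = str(Markup.escape(value))
    for k, v in translations.items():
        escaped = escaped.replace(k, v)  # Un-escape specific elements using str.replace.
    return Markup(escaped)  # Marked safe: everything outside the allow-list is still escaped.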