def test_escape_return_type(self):
    """Check that escape() returns Markup for every kind of input used here.

    The inputs are a plain string, a value that is already Markup, and an
    object that provides its own ``__html__`` method.
    """
    class Foo:
        # Object that supplies its own HTML representation.
        def __html__(self):
            return '<strong>Foo</strong>'

    for candidate in ('a', Markup('a'), Foo()):
        self.assertIsInstance(escape(candidate), Markup)
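def imp(self, trans, dataset_id=None, **kwd):
    """Import another user's dataset via a shared URL into the current history.

    Args:
        trans: Request transaction. This method reads ``trans.request.referer``
            and calls ``get_history``, ``show_message`` and
            ``show_error_message`` on it.
        dataset_id: Identifier of the dataset to import. An error page is
            returned when it is missing or empty.
        **kwd: Additional request parameters; not used here.

    Returns:
        The result of ``trans.show_error_message`` when no dataset id was
        given, otherwise the result of ``trans.show_message``.
    """
    # Set referer message.
    # The Referer header comes from the client, so it is HTML-escaped before
    # being placed inside the double-quoted href attribute.
    # NOTE(review): escape() prevents breaking out of the attribute but does
    # not restrict the URL's scheme or host -- confirm whether the link target
    # should also be validated before it is shown.
    referer = trans.request.referer
    if referer:
        referer_message = '<a href="%s">return to the previous page</a>' % escape(referer)
    else:
        referer_message = "<a href=\"%s\">go to Galaxy's start page</a>" % url_for('/')

    # Error checking.
    if not dataset_id:
        return trans.show_error_message("You must specify a dataset to import. You can %s." % referer_message, use_panels=True)

    # Do import.
    cur_history = trans.get_history(create=True)
    status, message = self._copy_datasets(trans, [dataset_id], [cur_history], imported=True)
    # NOTE(review): the message returned by _copy_datasets is replaced below
    # while its status is kept, so a non-success status would still be shown
    # with the "Dataset imported" text -- confirm this is intended.
    message = 'Dataset imported. <br>You can <a href="%s">start using the dataset</a> or %s.' % (url_for('/'), referer_message)
    return trans.show_message(message, type=status, use_panels=True)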
def tag_attribute(name, value):
    """Render a single HTML attribute with its name and value escaped.

    Returns only the escaped name when ``value`` is the ``NoValue`` sentinel,
    otherwise ``name="value"`` with both parts escaped.
    """
    safe_name = escape(name)
    if value is not NoValue:
        # The value sits inside double quotes, so it has to be escaped to
        # keep it from closing the attribute.
        return u'%s="%s"' % (safe_name, escape(value))
    return safe_name
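def get_value(self, trans, grid, item):
    """Return an HTML-escaped preview of the item's annotation.

    The preview holds at most the first 155 characters of the annotation. A
    longer annotation is cut back to the last space inside that window and
    "..." is appended. An item without an annotation gives an empty preview.

    Args:
        trans: Request transaction; ``trans.sa_session`` is passed to the
            annotation lookup.
        grid: Not used by this method.
        item: Object whose annotation is shown; ``item.user`` is passed to
            the annotation lookup.

    Returns:
        The result of ``escape()`` applied to the preview text.
    """
    max_len = 155
    annotation = self.get_item_annotation_str(trans.sa_session, item.user, item)
    ann_snippet = ""
    if annotation:
        ann_snippet = annotation[:max_len]
        if len(annotation) > max_len:
            cut = ann_snippet.rfind(' ')
            # rfind() returns -1 when the window contains no space; slicing
            # with -1 would silently drop the last character instead of
            # trimming at a word boundary, so the window is then kept whole.
            if cut != -1:
                ann_snippet = ann_snippet[:cut]
            ann_snippet += "..."
    # Escaping is the last step, after truncation, so the cut can never land
    # in the middle of an HTML entity produced by escape().
    return escape(ann_snippet)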
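def link(self, link, title, text):
    """Render an ``<a>`` element for a link.

    Args:
        link: Link target. When ``self.record`` is set and the target has no
            URL scheme, it is first resolved through ``self.record.url_to``.
        title: Optional title; when falsy, no ``title`` attribute is written.
        text: Link body, inserted into the element as given.

    Returns:
        The anchor element as a string.
    """
    if self.record is not None:
        url = url_parse(link)
        if not url.scheme:
            link = self.record.url_to('!' + link,
                                      base_url=get_ctx().base_url)
    # Escaped whether or not the target was resolved above, because it is
    # written into a double-quoted attribute below.
    link = escape(link)
    # NOTE(review): text is interpolated without escaping; presumably the
    # caller passes markup that is already rendered -- confirm.
    if not title:
        return '<a href="%s">%s</a>' % (link, text)
    title = escape(title)
    # The arguments follow the order of the placeholders: title first, then
    # href. Passing (link, title, text) here put the URL into the title
    # attribute and the title text into href.
    return '<a title="%s" href="%s">%s</a>' % (title, link, text)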
def _deserialize(occ):
    """Convert one occurrence mapping into a ``(start, duration)`` pair.

    Reads the ``'date'``, ``'time'`` and ``'duration'`` keys of ``occ``.
    Raises ``ValueError`` with an escaped copy of the date and time when they
    cannot be parsed.
    """
    raw_date, raw_time = occ['date'], occ['time']
    try:
        dt = dateutil.parser.parse('{} {}'.format(raw_date, raw_time))
    except ValueError:
        # The rejected input is echoed in the error text, so both parts are
        # escaped before being placed in the message.
        safe_date = escape(raw_date)
        safe_time = escape(raw_time)
        raise ValueError('Invalid date/time: {} {}'.format(safe_date, safe_time))
    start = localize_as_utc(dt, self.timezone)
    duration = timedelta(minutes=occ['duration'])
    return start, duration
def error(text, settings):
    """Create an error popup sized from the settings, with escaped text.

    ``settings.popup_maximum_width`` and ``settings.popup_maximum_height``
    are passed to ``Popup`` as a single tuple.
    """
    max_size = (settings.popup_maximum_width, settings.popup_maximum_height)
    error_popup = Popup(max_size)
    error_popup.__popup_type = 'panel-error "ECC: Error"'
    # The text is escaped before it is stored on the popup.
    error_popup.__text = markupsafe.escape(text)
    return error_popup
# Node must have at least one registered admin user
# The query covers admin contributors other than the one being removed; when
# it is empty the removal is refused by returning False.
admin_query = self._get_admin_contributors_query(self._contributors.all()).exclude(user=contributor)
if not admin_query.exists():
    return False
contrib_obj = self.contributor_set.get(user=contributor)
contrib_obj.delete()
# After remove callback
for addon in self.get_addons():
    message = addon.after_remove_contributor(self, contributor, auth)
    if message:
        # Because addons can return HTML strings, addons are responsible
        # for markupsafe-escaping any messages returned
        # NOTE(review): the addon's message is passed with trust=True, which
        # presumably means it is displayed without further escaping -- confirm
        # that every addon escapes user-controlled data in what it returns.
        # The values in `extra` (addon name, category, title, user name) are
        # escaped here before they are handed over.
        status.push_status_message(message, kind='info', trust=True, id='remove_addon', extra={
            'addon': markupsafe.escape(addon.config.full_name),
            'category': markupsafe.escape(self.category_display),
            'title': markupsafe.escape(self.title),
            'user': markupsafe.escape(contributor.fullname)
        })
# Record the removal in the node log when the caller asked for it.
# NOTE(review): nesting reconstructed from a flattened listing; this is
# assumed to run once, after the addon loop -- confirm.
if log:
    self.add_log(
        action=NodeLog.CONTRIB_REMOVED,
        params={
            'project': self.parent_id,
            'node': self._id,
            'contributors': [contributor._id],
        },
        auth=auth,
        save=False,
    )
def _process_text(s):
    """Turn text into an HTML fragment: escape it, linkify it, add line breaks."""
    # Escaping comes first, so the only markup in the result is what urlize()
    # and the <br> substitution add afterwards.
    escaped = escape(s)
    linked = urlize(escaped)
    # NOTE(review): if urlize() returns a Markup object rather than a plain
    # str, replace() would escape the '<br>' argument -- confirm its return type.
    return linked.replace('\n', '<br>')
# The query covers admin contributors other than the one being removed; when
# it is empty the removal is refused by returning False.
admin_query = self._get_admin_contributors_query(self._contributors.all()).exclude(user=contributor)
if not admin_query.exists():
    return False
contrib_obj = self.contributor_set.get(user=contributor)
contrib_obj.delete()
# After remove callback
for addon in self.get_addons():
    message = addon.after_remove_contributor(self, contributor, auth)
    if message:
        # Because addons can return HTML strings, addons are responsible
        # for markupsafe-escaping any messages returned
        # NOTE(review): the addon's message is passed with trust=True, which
        # presumably means it is displayed without further escaping -- confirm
        # that every addon escapes user-controlled data in what it returns.
        # The values in `extra` (addon name, category, title, user name) are
        # escaped here before they are handed over.
        status.push_status_message(message, kind='info', trust=True, id='remove_addon', extra={
            'addon': markupsafe.escape(addon.config.full_name),
            'category': markupsafe.escape(self.category_display),
            'title': markupsafe.escape(self.title),
            'user': markupsafe.escape(contributor.fullname)
        })
# Record the removal in the node log when the caller asked for it.
# NOTE(review): nesting reconstructed from a flattened listing; this is
# assumed to run once, after the addon loop -- confirm.
if log:
    self.add_log(
        action=NodeLog.CONTRIB_REMOVED,
        params={
            'project': self.parent_id,
            'node': self._id,
            'contributors': [contributor._id],
        },
        auth=auth,
        save=False,
    )