MarkupSafe
Safely add untrusted strings to HTML/XML markup. (by pallets)
bleach
Bleach is an allowed-list-based HTML sanitizing library that escapes or strips markup and attributes (by mozilla)
| | MarkupSafe | bleach |
|---|---|---|
| Mentions | 1 | 6 |
| Stars | 598 | 2,618 |
| Growth | 1.5% | 0.7% |
| Activity | 8.1 | 6.4 |
| | 1 day ago | 10 days ago |
| Language | Python | Python |
| License | BSD 3-clause "New" or "Revised" License | GNU General Public License v3.0 or later |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
MarkupSafe
Posts with mentions or reviews of MarkupSafe.
We have used some of these posts to build our list of alternatives
and similar projects.
- Check50 not working due to an import error.
After a quick search I found that there may have been a breaking change in that package (https://github.com/pallets/markupsafe/issues/284), but I haven't read about other people doing CS50 getting the same error.
bleach
Posts with mentions or reviews of bleach.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-06-06.
- What's your favorite alternative to bleach for sanitizing HTML?
I noticed via the changelog for Django 4.2.2 that bleach is deprecated (Django removed mention of it from their docs).
- I wrote a markdown to html converter
I don't know a golang library for it but https://github.com/mozilla/bleach is a python lib that escapes all the nasty javascript inputs.
- Django-tinymce and HTML Injection
bleach it!
- Serialize Django Data for JavaScript
This is an excellent point; I should have addressed safety in my article. I'll point out that in my use case, I'm using `safe` on data I create and not any user-generated data.
You should never use `safe` on user data unless you use something like bleach (https://github.com/mozilla/bleach) to sanitize the data. Even then, you should use caution.
- Rich text field and django rest framework
Use bleach to sanitize it https://bleach.readthedocs.io/en/latest/
- mutation XSS via allowed math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe,
What are some alternatives?
When comparing MarkupSafe and bleach you can also consider the following projects:
xhtml2pdf - A library for converting HTML into PDFs using ReportLab
lxml - The lxml XML toolkit for Python
xmltodict - Python module that makes working with XML feel like you are working with JSON
Jinja2 - A very fast and expressive template engine.
html5lib - Standards-compliant library for parsing and serializing HTML documents and fragments in Python
xmldataset - xmldataset: xml parsing made easy 🗃️
selectolax - Python binding to Modest and Lexbor engines (fast HTML5 parser with CSS selectors).
cssutils
pyquery - A jquery-like library for python