MarkupSafe provides a Python text wrapper that escapes special characters so untrusted strings can be safely included in HTML and XML. It helps mitigate injection attacks by converting characters with special meanings into their escaped forms, and it integrates with template engines like Jinja.
Project status
- Actively maintained, most recently updated to MarkupSafe 3.0.3 on 2025-09-27, with evidence of ongoing work after the 3.0.0 series.
- Apparent update cadence: 3.0.0 (2024-10-07), 3.0.1 (2024-10-08), 3.0.2 (2024-10-18), then a later bugfix update 3.0.3 (2025-09-27), suggesting clusters of rapid follow-ups in 2024 and a longer gap before the next update.
AI summary generated 2 weeks ago
Recent updates
3.0.3
8 months ago
MarkupSafe 3.0.3 is presented as a bugfix-only release. The documented user-facing change is that the deprecated `__version__` attribute now emits a `DeprecationWarning` (instead of `UserWarning`), and it also updates the C extension initialization approach and wheel build targets.
3.0.2
10/18/2024
MarkupSafe 3.0.2 is a bugfix release intended to avoid breaking behavior, with changes focused on escaping compatibility. The release notes mention a fix for cases where `__str__` returns a `str` subclass, plus an increase in the minimum required setuptools version for the build.
3.0.1
10/8/2024
MarkupSafe 3.0.1 is a fix release that targets build compatibility with newer compilers and improves behavior when given proxy objects. The release notes state these changes do not introduce breaking behavior.
3.0.0
10/7/2024
MarkupSafe 3.0.0 is a feature release that targets newer Python versions (including Python 3.13 and free-threaded builds) and removes support for Python 3.7 and 3.8. The release notes emphasize API signature updates, escaping behavior tweaks on certain Markup string methods, and performance improvements for escaping plain strings.
Breaking, Features
2.1.5
2/2/2024
Release 2.1.5 is described as a patch fix for a regression in MarkupSafe's `striptags` behavior where spaces were not collapsed correctly. The code diff confirms the `striptags` implementation changed to collapse spaces, and additional repository configuration and dependency/tooling updates were also made.
2.1.4
1/19/2024
Release 2.1.4 is a fix release that claims to only improve performance of `Markup.striptags` for large input, with no behavioral changes or breaking changes. The diff shows an implementation change to `striptags` plus various CI/dev-tooling version updates.
2.1.3
6/2/2023
MarkupSafe 2.1.3 is presented as a small fix release on the 2.1.x branch, with no detailed user-facing changelog in the provided release notes text. The actual diff shows a mix of typing improvements, added `Markup` methods (`format_map` and several string-like helpers), and a subtle behavior change around how `striptags` returns types for subclasses.
Features
2.1.2
1/17/2023
Release 2.1.2 focuses on distribution improvements, notably providing wheels for Python 3.11 and generating SLSA provenance artifacts in the GitHub release process. The code diff also includes a behavioral fix in the tag-stripping logic for newline-containing HTML comments and tags.
2.1.1
3/15/2022
Release 2.1.1 updates MarkupSafe mainly around the internal implementation of `Markup.striptags` to avoid ambiguous regex matches. The diff also includes minor repo maintenance changes (pre-commit autoupdate branch) and a corresponding test adjustment.
2.1.0
2/18/2022
Release 2.1.0 updates MarkupSafe behavior and supported Python versions. It removes the deprecated `soft_unicode` alias in favor of `soft_str`, and it introduces stricter behavior around percent-style interpolation. The code diff also shows changes to formatting argument handling and some speedups gating logic.
Breaking