{"id":7550,"library":"pybars4","title":"PyBars4: Handlebars.js templating for Python 3","description":"PyBars4 is a Python 3 implementation of the popular Handlebars.js templating language. It allows developers to compile and render Handlebars templates within Python applications. The library is currently at version 0.9.13 and has an active, though somewhat sporadic, release cadence with recent updates focusing on bug fixes and changes to HTML escaping behavior.","status":"active","version":"0.9.13","language":"en","source_language":"en","source_url":"https://github.com/up9inc/pybars4","tags":["templating","handlebars","frontend","html","python3"],"install":[{"cmd":"pip install pybars4","lang":"bash","label":"Install latest version"}],"dependencies":[],"imports":[{"note":"The PyPI package name is 'pybars4', but the top-level import module is 'pybars'.","wrong":"from pybars4 import Compiler","symbol":"Compiler","correct":"from pybars import Compiler"}],"quickstart":{"code":"from pybars import Compiler\n\ncompiler = Compiler()\nsource = u\"Hello {{name}}!\"\ntemplate = compiler.compile(source)\n\ncontext = {'name': \"World\"}\nresult = template(context)\n\nprint(result) # Expected: Hello World!","lang":"python","description":"This quickstart demonstrates compiling a basic Handlebars template and rendering it with a Python dictionary context."},"warnings":[{"fix":"Manually escape variables using custom helpers or ensure all data passed to templates is already safe/sanitized before rendering. Review the security implications of this change carefully.","message":"HTML escaping was explicitly disabled by default in version 0.9.10. If your templates contain user-generated content and you relied on PyBars4 to automatically escape HTML, this change can introduce XSS vulnerabilities.","severity":"breaking","affected_versions":"0.9.10+"},{"fix":"Always use `from pybars import ...` or `import pybars` in your code after installing `pybars4`.","message":"The PyPI package is named `pybars4`, but the Python module to import is `pybars`.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Ensure your project runs on Python 3. If you require Python 2 compatibility, you will need to find an alternative templating engine or use an older, unmaintained version of PyBars (not PyBars4).","message":"PyBars4 is a Python 3 specific library and does not support Python 2.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Ensure that your context dictionaries or objects provide the attributes/keys that the Handlebars template expects. For complex objects, you might need to implement custom helper functions to expose data correctly within the template.","message":"Context handling can sometimes differ from JavaScript Handlebars, especially with complex Python objects vs. simple dictionaries. Issues like 'undefined object attributes' can occur if data access patterns don't match expectations.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Change your import statement from `from pybars4 import ...` to `from pybars import ...`.","cause":"You are trying to import from 'pybars4', but the correct module name is 'pybars'.","error":"ModuleNotFoundError: No module named 'pybars4'"},{"fix":"Ensure you are calling `compiler.compile(source)` to compile your template source string, where `compiler` is an instance of `Compiler`.","cause":"You are attempting to call the `Compiler` class instance directly, instead of its `compile` method.","error":"TypeError: 'Compiler' object is not callable"},{"fix":"Either manually escape all template variables (e.g., using a custom helper if available) or sanitize your input data before passing it to the template. Review the security implications of this change carefully.","cause":"Version 0.9.10 and later disabled default HTML escaping. Your application now relies on this behavior and might be vulnerable.","error":"Template rendering outputs unescaped HTML or introduces XSS vulnerabilities after upgrading"}]}