{"id":23189,"library":"xss-utils","title":"xss-utils","description":"xss-utils provides utility functions to sanitize and escape content in Django and Mako templates, helping prevent cross-site scripting (XSS) attacks. Current version 1.0.0 supports Python 3.12, Django up to 5.2, and has dropped Python 3.11. The library is maintained by the Open edX project with regular updates.","status":"active","version":"1.0.0","language":"python","source_language":"en","source_url":"https://github.com/openedx/xss-utils","tags":["xss","security","django","mako","sanitization","openedx"],"install":[{"cmd":"pip install xss-utils","lang":"bash","label":"PyPI install"}],"dependencies":[],"imports":[{"note":"strip_all_tags_unsafe is a utility function in the utils module, not directly in xss_utils.","wrong":"from xss_utils import strip_all_tags_unsafe","symbol":"strip_all_tags_unsafe","correct":"from xss_utils.utils import strip_all_tags_unsafe"},{"note":"sanitize_html is the recommended function for safe HTML escaping in Django templates.","symbol":"sanitize_html","correct":"from xss_utils.utils import sanitize_html"},{"note":"When used as a Django template filter, import from xss_utils.filters.","symbol":"strip_all_tags_unsafe","correct":"from xss_utils.filters import strip_all_tags_unsafe"}],"quickstart":{"code":"from xss_utils.utils import sanitize_html\n\n# Example unsanitized HTML\nunsafe_html = '<script>alert(\"xss\")</script><p>Safe text</p>'\nsafe_html = sanitize_html(unsafe_html)\nprint(safe_html)  # Output: &lt;script&gt;alert(\"xss\")&lt;/script&gt;&lt;p&gt;Safe text&lt;/p&gt;","lang":"python","description":"Sanitize HTML by escaping all HTML tags, preventing XSS injection."},"warnings":[{"fix":"Upgrade to Python 3.12 or later.","message":"Version 1.0.0 dropped Python 3.11 support. Use Python 3.12+.","severity":"breaking","affected_versions":">=1.0.0"},{"fix":"Use sanitize_html for full escaping of HTML content.","message":"The function strip_all_tags_unsafe does NOT sanitize HTML attributes or scripts; it only strips tags. For safe escaping, use sanitize_html instead.","severity":"gotcha","affected_versions":"all"},{"fix":"Update imports: from xss_utils.utils import sanitize_html","message":"Importing from xss_utils directly is deprecated in favor of importing from xss_utils.utils or xss_utils.filters.","severity":"deprecated","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-05-01T00:00:00.000Z","next_check":"2026-07-30T00:00:00.000Z","problems":[{"fix":"Install with pip install xss-utils and import as xss_utils (underscore).","cause":"Library not installed or misspelled import (xss_utils vs xss-utils).","error":"ModuleNotFoundError: No module named 'xss_utils'"},{"fix":"Use: from xss_utils.utils import sanitize_html","cause":"Trying to import sanitize_html directly from xss_utils root instead of from xss_utils.utils.","error":"ImportError: cannot import name 'sanitize_html' from 'xss_utils'"},{"fix":"Use sanitize_html(my_string) not my_string.sanitize_html().","cause":"Calling sanitize_html as a method on a string instance instead of as a function.","error":"AttributeError: 'str' object has no attribute 'sanitize_html'"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}