# _html_security

URL: /kida/api/environment/filters/_html_security/
Section: filters
Description: HTML and security filters for Kida templates.

---


Module: `environment.filters._html_security`

HTML and security filters for Kida templates.

5 Functions

## Functions

`_filter_escape`

`def _filter_escape(value: Any) -> Markup`

HTML-escape the value.

Returns a `Markup` object so the result won't be escaped again by autoescape.
Uses the optimized `html_escape_filter` from the `utils.html` module.

##### Parameters

| Name | Type | Description |
|------|------|-------------|
| `value` | `Any` | |

##### Returns

`Markup`

`_filter_safe`

Mark value as safe (no HTML escaping).

`def _filter_safe(value: Any, reason: str | None = None) -> Markup`

##### Parameters

| Name | Type | Description |
|------|------|-------------|
| `value` | `Any` | Content to mark as safe for raw HTML output. |
| `reason` | `str \| None` | Optional documentation of why this content is trusted. Purely for code review and audit purposes - not used at runtime. Default: `None` |

##### Returns

`Markup`

`_filter_striptags`

Strip HTML tags.

`def _filter_striptags(value: str) -> str`

##### Parameters

| Name | Type | Description |
|------|------|-------------|
| `value` | `str` | |

##### Returns

`str`

`_filter_xmlattr`

`def _filter_xmlattr(value: dict[str, Any]) -> Markup`

Convert dict to XML attributes.

Returns Markup to prevent double-escaping when autoescape is enabled.

##### Parameters

| Name | Type | Description |
|------|------|-------------|
| `value` | `dict[str, Any]` | |

##### Returns

`Markup`
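
The escape-once pattern that `_filter_escape` and `_filter_xmlattr` describe (return `Markup` so autoescape leaves the result alone), shown as an added example that is not Kida's own code. `Markup`, `autoescape`, `naive_escape` and the attribute-name check are stand-ins written for this illustration; the escaping itself is `html.escape` from the standard library.

```python
from html import escape as html_escape
from typing import Any


class Markup(str):
    """Stand-in (assumption): a str the autoescaper trusts and emits as-is."""

    def __html__(self) -> str:
        return str(self)


def autoescape(value: Any) -> str:
    """Assumed output-time behaviour: escape everything that is not Markup."""
    if hasattr(value, "__html__"):
        return value.__html__()
    return html_escape(str(value), quote=True)


def filter_escape(value: Any) -> Markup:
    """Escape once, then wrap in Markup so autoescape does not escape again."""
    if hasattr(value, "__html__"):
        return Markup(value.__html__())  # already markup: do not re-escape
    return Markup(html_escape(str(value), quote=True))


def naive_escape(value: Any) -> str:
    """Counter-example: a plain str result gets escaped a second time."""
    return html_escape(str(value), quote=True)


def filter_xmlattr(value: dict[str, Any]) -> Markup:
    """Render key="value" pairs; values are escaped, names are validated."""
    parts = []
    for key, val in value.items():
        # Names cannot be escaped, so refuse any that could start a new attribute.
        if not key or any(c in " \t\n\r\f/>=\"'" for c in key):
            raise ValueError(f"invalid attribute name: {key!r}")
        parts.append(f'{key}="{html_escape(str(val), quote=True)}"')
    return Markup(" ".join(parts))


if __name__ == "__main__":
    text = 'Tom & "Jerry" <b>'                      # constructed sample input
    print(autoescape(filter_escape(text)))          # escaped exactly once
    print(autoescape(naive_escape(text)))           # double-escaped
    print(autoescape(filter_xmlattr({"title": 'a" onclick="x'})))
```

Only attribute values are escaped here; a dict whose keys come from untrusted input still needs the name check, because an attribute name has no escaped form.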

`_filter_csp_nonce`

Inject CSP nonce into and tags.

If no nonce is provided, reads from RenderCo…

`def _filter_csp_nonce(value: Any, nonce: str | None = None) -> str`

Inject CSP nonce into
