Bandit B704: Potential XSS with markupsafe.Markup detected.

[UlrichB22]

Bandit reports since version 1.8.3 (17.02.2025) the following warning:

https://bandit.readthedocs.io/en/latest/plugins/b704_markupsafe_markup_xss.html

For example in src/moin/apps/frontend/views.py:667

IMO we have validated all content before using markupsafe.Markup and can ignore B704 warnings.
Please advise.

[RogerHaase]

Best I can do is to defer to you.

[UlrichB22]

Most recent articles on the web recommend using a sanitizer like bleach or better nh3 to prevent XSS attacks. I am not able to evaluate the converters and whether it is safe to use Markup() on their output.

Bleach is deprecated and there is this interesting short post on the conversion to nh3:
https://daniel.feldroy.com/posts/2023-06-converting-from-bleach-to-nh3