Minor formatting, unsafe_allow_html and fields coming from user

Hello, guys.

Could you advise please? I’m trying to make a view on lab inventory and need minor formatting for that, like a bold text for header and a superscript grey text right under it for notes. Something like this:

I can do that with unsafe_allow_html = True. Problem is, this data comes from the user. Is there any way to separate styling from values (like parameters)? I.e. to protect from injection.

This was dumb of me. Apparently just html.encode does the job.


Not a stupid question at all, and thanks for coming back to answer it for the next person wondering 🙂
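An added example, not code from any post in this thread: one way to keep the styling in a fixed template and pass user values in as escaped parameters, using `html.escape` from the Python standard library. The names `ITEM_TEMPLATE`, `safe_text`, `render_item`, `show_inventory` and the sample rows are assumptions made for illustration.

```python
import html
from string import Template

# Fixed markup: all styling lives here and never contains user data.
ITEM_TEMPLATE = Template(
    '<div><b>$name</b><br>'
    '<sup style="color: grey">$note</sup></div>'
)

def safe_text(value) -> str:
    """Turn any user-supplied value into inert HTML text."""
    text = "" if value is None else str(value)
    # Collapse whitespace so a blank line inside a value cannot end the
    # Markdown HTML block and leave the remainder to be parsed as Markdown.
    text = " ".join(text.split())
    # quote=True also escapes " and ', so the value stays inert even if the
    # template later places it inside an attribute.
    return html.escape(text, quote=True)

def render_item(name, note) -> str:
    """Fill the fixed template with escaped values only."""
    return ITEM_TEMPLATE.substitute(name=safe_text(name), note=safe_text(note))

def show_inventory(rows) -> None:
    """Render each row in a Streamlit app (streamlit imported lazily)."""
    import streamlit as st
    for row in rows:
        st.markdown(render_item(row["name"], row["note"]),
                    unsafe_allow_html=True)

# Constructed sample data: the second row carries markup in both fields.
SAMPLE_ROWS = [
    {"name": "Ethanol 96%", "note": "shelf B2, 3 bottles"},
    {"name": "<i>Pipette</i> P200", "note": "<script>alert(1)</script>"},
]

if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        print(render_item(row["name"], row["note"]))
```

Only the template contributes tags and styles; every value passes through `safe_text` before it reaches `st.markdown`.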