Whenever you are building a web page, an email, or a report, you are probably going to rely on replacing placeholders in an HTML template with actual values that you need to show to your users.
We already saw in Chapter 2, Text Management, how a minimal, simple template engine can be implemented, but it wasn't specific to HTML in any way.
When working with HTML, it's particularly important to pay attention to escaping the values provided by users, as that might lead to broken pages or even XSS attacks.
You clearly don't want your users to get mad at you just because you registered yourself on your website with the surname "<script>alert('You are hacked!')</script>".
For this reason, the Python standard library provides escaping tools that can be used to properly prepare content for insertion into HTML.
...