Skip to main content

A pure Python HTML5 parser that just works.

Project description

JustHTML

HTML from the real web is messy. It is often malformed, user supplied, scraped from unknown pages, or headed for a browser where small parsing differences can become security bugs.

JustHTML gives Python projects one small dependency for the common HTML jobs:

  • parse HTML like a browser, including broken markup
  • sanitize untrusted HTML by default
  • query with CSS selectors
  • transform, serialize, extract text, or convert to Markdown
  • run anywhere Python runs, with no C extension and no system package to install
pip install justhtml

Requires Python 3.10 or later.

Documentation | Comparison | Playground | Security policy

JustHTML turns messy unsafe HTML into a sanitized, queryable DOM, then serializes it to text, Markdown, or HTML.

Why Use It?

Most Python HTML libraries optimize for one part of the problem.

html.parser is built in, but not HTML5-correct. BeautifulSoup is convenient, but depends heavily on the parser underneath. lxml and C/Rust-backed parsers are fast, but usually leave sanitization as a separate concern. html5lib and Bleach shaped the Python ecosystem, but both are no longer the obvious foundation for new projects.

JustHTML is for applications that want a boring, inspectable, pure-Python default:

  • Correct parsing: browser-style HTML5 recovery, tested against the official html5lib fixtures.
  • Safe by default: JustHTML(html) sanitizes before you query or serialize.
  • One DOM: parse once, then sanitize, query, transform, serialize, extract text, or produce Markdown.
  • Easy deployment: zero runtime dependencies, no compiler, works on PyPy and Pyodide.
  • Honest tradeoff: if you are parsing terabytes of trusted HTML, use a C/Rust parser. If you need reliable handling of untrusted or malformed HTML inside a Python app, use JustHTML.

Real-world signal: Mozilla Support migrated from Bleach to JustHTML in Kitsune, the Django application behind support.mozilla.org.

Quick Start

from justhtml import JustHTML

doc = JustHTML(
    "<p>Hello<script>alert(1)</script> "
    "<a href='javascript:alert(1)'>bad</a> "
    "<a href='https://example.com'>ok</a></p>",
    fragment=True,
)

print(doc.to_html(pretty=False))
# => <p>Hello <a>bad</a> <a href="https://example.com">ok</a></p>

Sanitization is enabled by default. Disable it only for trusted input:

doc = JustHTML("<main><p class='intro'>Hello</p></main>", sanitize=False)
intro = doc.query_one("p.intro")

print(intro.to_text())
# => Hello

What You Can Do

from justhtml import JustHTML, Linkify, SetAttrs, Unwrap

doc = JustHTML(
    "<p>Hello <span>world</span> example.com</p>",
    fragment=True,
    sanitize=False,
    transforms=[
        Unwrap("span"),
        Linkify(),
        SetAttrs("a", rel="nofollow"),
    ],
)

print(doc.to_html(pretty=False))
# => <p>Hello world <a href="http://example.com" rel="nofollow">example.com</a></p>

JustHTML includes:

Command Line

# Pretty-print an HTML file
justhtml index.html

# Parse from stdin
curl -s https://example.com | justhtml -

# Extract text from selected nodes
justhtml index.html --selector "main p" --format text

# Convert selected HTML to Markdown
justhtml index.html --selector "article" --format markdown

Correctness

JustHTML is tested against the official html5lib tokenizer, tree-construction, serializer, and encoding fixtures, plus project-specific sanitizer, selector, transform, CLI, and regression tests.

The current test summary is 10,257 passing tests with 100% line and branch coverage. See Correctness Testing for details.

Documentation

Security

JustHTML sanitizes by default, but output safety still depends on where you put it. HTML body output is not automatically safe inside JavaScript, CSS, URL attributes, or other contexts.

For the supported-version policy and vulnerability reporting, see SECURITY.md.

License

MIT. Free to use for commercial and non-commercial projects.

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

justhtml-2.4.1.tar.gz (888.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

justhtml-2.4.1-py3-none-any.whl (156.8 kB view details)

Uploaded Python 3

File details

Details for the file justhtml-2.4.1.tar.gz.

File metadata

  • Download URL: justhtml-2.4.1.tar.gz
  • Upload date:
  • Size: 888.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for justhtml-2.4.1.tar.gz
Algorithm Hash digest
SHA256 c4e81b6129869e1c4656e994402e1f24b9d49573c2d6cda8c0e15d4169d0f604
MD5 d089e914cebe45c33486d4b39fef8fb8
BLAKE2b-256 4a5942fa17ea72f513e8243fb53e5961b7dd5d73b643f674467e3808b78c9276

See more details on using hashes here.

Provenance

The following attestation bundles were made for justhtml-2.4.1.tar.gz:

Publisher: publish.yml on EmilStenstrom/justhtml

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file justhtml-2.4.1-py3-none-any.whl.

File metadata

  • Download URL: justhtml-2.4.1-py3-none-any.whl
  • Upload date:
  • Size: 156.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for justhtml-2.4.1-py3-none-any.whl
Algorithm Hash digest
SHA256 65b4e842ca40fe1a240c3e9fe1c64dd2a02542caec6704be145e06ffc0f1c89d
MD5 ee6878756c45a8c5fbbb4434e30cf1e8
BLAKE2b-256 bb4a5199a0b624f361782127b0fc41eb59fa0a3b859d6727b6fdc930b123aec2

See more details on using hashes here.

Provenance

The following attestation bundles were made for justhtml-2.4.1-py3-none-any.whl:

Publisher: publish.yml on EmilStenstrom/justhtml

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page