Using safe strings bypasses Django's XSS protection: a value wrapped in a safe string type, or returned by mark_safe(), is rendered by the template engine without autoescaping, so any untrusted data it contains reaches the browser as markup.
If you are bypassing it because you're trying to build HTML tags, use format_html() instead: it escapes the interpolated arguments and marks only the resulting string safe.
Checks for Django 1.1, 2 and 3 safe string types:
- SafeString
- SafeBytes
- SafeText
- SafeUnicode
- mark_safe
As the use of these types and of mark_safe() may be intentional (for example on a hard-coded HTML literal), it is a weak warning by default.
from django.utils.safestring import mark_safe

# Flagged: mark_safe() disables autoescaping for this value. On a hard-coded
# literal this is harmless; the same call on user-controlled data is an XSS.
mystr = '<b>Hello World</b>'
mystr = mark_safe(mystr)
- Use format_html() instead: put the markup in the format string and pass untrusted values as arguments, so they are escaped before interpolation.
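The check described above, written out as an added example so the rule's behaviour can be seen on concrete input. This is not the implementation of the tool this page documents: it is a small stdlib-only AST pass that flags calls to the five names listed above once django.utils.safestring has been imported, follows `import ... as` aliases, and (an assumption of this example, not documented behaviour) grades a call on a non-literal argument higher than the page's literal case. The SAMPLE source it scans is constructed for the example.

```python
"""Constructed example: a minimal AST lint pass for the Django safe-string
pattern this page describes. Not the documented tool's own code; the class
name SafeStringFinder and the LOW/MEDIUM labels are this example's choices."""
import ast

# The Django safe-string types and helper listed on this page.
SAFE_STRING_NAMES = {"SafeString", "SafeBytes", "SafeText", "SafeUnicode", "mark_safe"}
SAFESTRING_MODULE = "django.utils.safestring"


class SafeStringFinder(ast.NodeVisitor):
    """Collects (line, name, severity) for every call that marks a string safe."""

    def __init__(self):
        self.findings = []
        self.local_names = {}          # local binding -> original name (handles `as` aliases)
        self.module_imported = False   # True once django.utils.safestring is imported

    def visit_Import(self, node):
        for alias in node.names:
            if alias.name == SAFESTRING_MODULE:
                self.module_imported = True
        self.generic_visit(node)

    def visit_ImportFrom(self, node):
        if node.module == SAFESTRING_MODULE:
            self.module_imported = True
            for alias in node.names:
                if alias.name in SAFE_STRING_NAMES:
                    self.local_names[alias.asname or alias.name] = alias.name
        self.generic_visit(node)

    def visit_Call(self, node):
        name = self._safe_name(node.func)
        if name is not None:
            # A string literal is the intended use and stays a weak (LOW) warning.
            # Anything else (concatenation, f-string, variable) may carry untrusted
            # data, so this example raises it to MEDIUM. That grading is an
            # assumption of this example, not the documented tool's behaviour.
            args = list(node.args) + [kw.value for kw in node.keywords]
            severity = "MEDIUM" if any(not isinstance(a, ast.Constant) for a in args) else "LOW"
            self.findings.append((node.lineno, name, severity))
        self.generic_visit(node)

    def _safe_name(self, func):
        if isinstance(func, ast.Name):
            return self.local_names.get(func.id)          # from ... import X [as Y]
        if isinstance(func, ast.Attribute) and self.module_imported:
            if func.attr in SAFE_STRING_NAMES:
                return func.attr                          # django.utils.safestring.X(...)
        return None                                       # base object is not checked (coarse)


def scan(source):
    """Return (line, name, severity) findings for one Python source string, in line order."""
    finder = SafeStringFinder()
    finder.visit(ast.parse(source))
    return sorted(finder.findings)


# Constructed input: the page's own literal pattern plus three variants a
# reviewer would want graded differently. format_html() is not flagged.
SAMPLE = '''\
from django.utils.html import format_html
from django.utils.safestring import SafeString, mark_safe as ms

def greet_literal():
    return ms("<b>Hello World</b>")

def greet_untrusted(request):
    name = request.GET.get("name", "")
    return ms("<b>" + name + "</b>")

def greet_fstring(name):
    return SafeString(f"<b>{name}</b>")

def greet_safe(name):
    return format_html("<b>{}</b>", name)
'''

if __name__ == "__main__":
    for lineno, name, severity in scan(SAMPLE):
        print(f"line {lineno}: {name}() bypasses autoescaping [{severity}]")
```

Running the block reports the literal call on line 5 as LOW and the concatenation and f-string calls on lines 9 and 12 as MEDIUM; the format_html() call on line 15 produces nothing. The alias handling matters in practice: `mark_safe as ms` would otherwise slip past a check that only matches the bare name.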