MarkupSafe implements a unicode subclass that supports HTML strings:

>>> from markupsafe import Markup, escape
>>> escape("<script>alert(document.cookie);</script>")
>>> tmpl = Markup("<em>%s</em>")
>>> tmpl % "Peter > Lustig"
Markup(u'<em>Peter &gt; Lustig</em>')

If you want to make an object unicode that is not yet unicode but don’t want to lose the taint information, you can use the soft_unicode function. (On Python 3 you can also use soft_str which is a different name for the same function).

>>> from markupsafe import soft_unicode
>>> soft_unicode(42)
>>> soft_unicode(Markup('foo'))

MarkupSafe is the most popular HTML string handling library for Python used by many different template engines and frameworks.