Python 3.14 is due to be released on October 7, 2025, but a beta version, Python 3.14.0 beta 4, has already been released, loaded with exciting new features.

One of them is t-strings, a new string formatter for secure string handling: the parts of the string can be processed before they are combined into the final result.

» Avoid using beta versions in production; they are released to the public for testing purposes only.

We already have quite a few string formatters in Python, like %, f-strings, and .format(). Below is a quick snippet showing how they work:

country = "United States"
count = 50

# C-style formatting with “%” operator (old-school)
print("%s has %d states." % (country, count))

# Using .format() method (pre-Python 3.6)
print("{} has {} states.".format(country, count))

# Using f-string (Python 3.6+)
print(f"{country} has {count} states.")

# Output: United States has 50 states.

What are t-strings?

t-strings add security, validation and safety to string operations by not interpolating values directly into the string, which matters most when strings are composed dynamically.

If you’ve worked with JavaScript, t-strings may feel familiar, as they are the pythonic parallel to JavaScript’s tagged templates.

How do t-strings work?

The t-string formatter produces a Template object that keeps the static text and the dynamic data (interpolated values) of a string separate, so untrusted input is not injected straight into the application.

>>> country='United States'
>>> count=50
>>> t"{country} has {count} states!"

# Output
Template(strings=('', ' has ', ' states!'), interpolations=(Interpolation('United States', 'country', None, ''), Interpolation(50, 'count', None, '')))

» You can use t with single, double, and triple (multiline) quotes; it works exactly the same as with f-strings. You can also use t or T; both are supported.

Why do we need t-strings?

You should use them when:

  • working with SQL queries to avoid SQL injections

  • logging sensitive information

  • working with dynamic websites (HTML based) to avoid cross-site scripting (XSS)

  • setting up config files and environments

Example with t-strings

For example, to prevent information leakage when logging sensitive information, we can iterate over the Template object and check whether each item is an Interpolation (an expression within the Template object), which is where our credentials end up, and mask its value:

from string.templatelib import Template, Interpolation
import logging

username = "user123"
password = "123!"

MASK_CHAR = "*"

def mask(template: Template) -> str:
    """Mask the values with a * so
    credentials don't leak in the logs."""

    masked_str = ""

    for item in template:
        if isinstance(item, Interpolation):
            # str() so non-string values (e.g. an int) can be masked too
            masked_str += MASK_CHAR * len(str(item.value))
        else:
            masked_str += item

    return masked_str


masked_info = mask(t"User {username} logged in with password {password}")
logging.basicConfig(level=logging.INFO)

logging.info(masked_info)                          

# INFO:root:User ******* logged in with password ****

» t-strings currently don’t support mathematical operations, inline expressions, string operations and if-else logic, unlike f-strings and .format()

TL;DR

  • Python 3.14 (Beta 4) introduces t-strings, a new secure string formatting feature.

  • Unlike f-strings, t-strings focus on safety: no inline code execution, just pure interpolation.

  • Ideal for security-critical use cases like:

    • Preventing SQL injections

    • Avoiding XSS attacks in HTML templates

    • Masking sensitive data in logs

    • Safely formatting config files

Final thoughts: t-strings are not here to replace existing string formatters in Python, but to complement them by ensuring secure string handling.

Happy coding!
