diff --git a/docs/release-notes/2236.feat.md b/docs/release-notes/2236.feat.md
index 38093264d..096a078a3 100644
--- a/docs/release-notes/2236.feat.md
+++ b/docs/release-notes/2236.feat.md
@@ -1 +1 @@
-Add rich HTML representation for {class}`~anndata.AnnData` objects in Jupyter notebooks with foldable sections, search/filter, category color visualization, dark mode support, and configurable settings via {attr}`anndata.settings`
+Add rich HTML representation for {class}`~anndata.AnnData` objects in Jupyter notebooks with foldable sections, search/filter, category color visualization, dark mode support, and configurable settings via {attr}`anndata.settings`. Rendering is built on {mod}`jinja2` and {mod}`markupsafe` with autoescape-by-default; extension packages register {class}`~anndata._repr.TypeFormatter` / {class}`~anndata._repr.SectionFormatter` subclasses that return {class}`~anndata._repr.FormattedOutput` with {class}`markupsafe.Markup`-typed HTML fragments (`preview_markup`, `type_markup`, `expanded_markup`).
diff --git a/pyproject.toml b/pyproject.toml
index 8a7a0cab0..9fd97ff0f 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -47,6 +47,8 @@ dependencies = [
     "zarr >=3.1",
     "typing-extensions; python_version<'3.13'",
     "scverse-misc>=0.0.3",
+    "jinja2>=3.1",
+    "markupsafe>=3.0",
 ]
 dynamic = [ "version" ]
 
diff --git a/src/anndata/_repr/__init__.py b/src/anndata/_repr/__init__.py
index 6c39c6394..7f7b5a93f 100644
--- a/src/anndata/_repr/__init__.py
+++ b/src/anndata/_repr/__init__.py
@@ -68,6 +68,8 @@
 
     Example - format by Python type::
 
+        from markupsafe import Markup
+
         from anndata._repr import register_formatter, TypeFormatter, FormattedOutput
 
 
@@ -82,10 +84,27 @@ def format(self, obj, context):
                 return FormattedOutput(
                     type_name=f"MyArray {obj.shape}",
                     css_class="anndata-dtype--myarray",
-                    # preview_html provides HTML for the preview column (rightmost)
-                    preview_html=f'<span class="anndata-text--muted">({obj.n_items} items)</span>',
+                    # ``preview_markup`` takes trusted HTML. Build it with
+                    # ``Markup('<tag>{}</tag>').format(value)`` — MarkupSafe
+                    # autoescapes each non-``Markup`` arg at that boundary.
+                    preview_markup=Markup(
+                        '<span class="mypackage-summary">{} items</span>'
+                    ).format(obj.n_items),
                 )
 
+    **Preview contract**: if no custom HTML is needed, prefer the plain-text
+    ``preview`` field (autoescaped end-to-end). Use ``preview_markup`` when
+    you need custom structure. Three valid idioms:
+
+    - ``Markup('<tag>{}</tag>').format(value)`` — standard MarkupSafe pattern;
+      each non-``Markup`` arg is autoescaped.
+    - ``Markup(obj._repr_html_())`` — wrap trusted HTML from another package.
+    - ``get_macros().my_macro(value)`` — invoke a Jinja macro directly, which
+      also benefits from the engine's NUL-scrub finalize hook.
+
+    Never build HTML via ``Markup(f'...{value}...')`` — the f-string substitutes
+    ``value`` before ``Markup`` sees it, bypassing autoescape.
+
     **Error handling**: Formatters can signal errors in two ways:
 
     1. **Raise an exception** - The registry catches it, emits a warning with the
@@ -97,10 +116,12 @@ def format(self, obj, context):
        ``FormattedOutput(error="reason")`` directly. The row will be highlighted
        red and the error shown in the preview column.
 
-    When ``error`` is set, it takes precedence over ``preview`` and ``preview_html``.
+    When ``error`` is set, it takes precedence over ``preview`` and ``preview_markup``.
 
     Example - format by embedded type hint (for tagged data in uns)::
 
+        from markupsafe import Markup
+
         from anndata._repr import register_formatter, TypeFormatter, FormattedOutput
         from anndata._repr import extract_uns_type_hint
 
@@ -118,7 +139,9 @@ def format(self, obj, context):
                 hint, data = extract_uns_type_hint(obj)
                 return FormattedOutput(
                     type_name="config",
-                    preview_html="<span>Custom config preview</span>",
+                    preview_markup=Markup(
+                        '<span class="anndata-text--muted">{}</span>'
+                    ).format(data.get("name", "(unnamed)")),
                 )
 
     Data structure for type hints (works in any section)::
@@ -277,7 +300,7 @@ def _repr_html_(self):
         parts.append(
             render_section(
                 "items",
-                "\\n".join(entries),
+                Markup("\\n").join(entries),
                 n_items=len(self.items),
             )
         )
@@ -290,12 +313,12 @@ def _repr_html_(self):
 
     from anndata._repr import generate_repr_html, FormattedEntry, FormattedOutput
 
-    nested_html = generate_repr_html(adata, depth=1, max_depth=3)
+    # generate_repr_html already returns Markup; no Markup(...) wrap needed.
     entry = FormattedEntry(
         key="table",
         output=FormattedOutput(
             type_name=f"AnnData ({adata.n_obs} x {adata.n_vars})",
-            expanded_html=nested_html,  # Collapsible content below the row
+            expanded_markup=generate_repr_html(adata, depth=1, max_depth=3),
         ),
     )
 
@@ -321,7 +344,6 @@ def _repr_html_(self):
     DEFAULT_PREVIEW_ITEMS,
     DEFAULT_TYPE_WIDTH,
     DEFAULT_UNIQUE_LIMIT,
-    NOT_SERIALIZABLE_MSG,
 )
 
 # Documentation base URL
@@ -346,10 +368,6 @@ def get_section_doc_url(section: str) -> str:
     return f"{DOCS_BASE_URL}generated/anndata.AnnData.{section}.html"
 
 
-# Import main functionality
-# Inline styles for graceful degradation (from single source of truth)
-from .._repr_constants import STYLE_HIDDEN  # noqa: E402
-
 # Building blocks for packages that want to create their own _repr_html_
 # These allow reusing anndata's styling while building custom representations
 from .components import (  # noqa: E402
@@ -361,6 +379,7 @@ def get_section_doc_url(section: str) -> str:
     render_warning_icon,
 )
 from .css import get_css  # noqa: E402
+from .environment import get_macros  # noqa: E402
 from .html import (  # noqa: E402
     generate_repr_html,
     render_formatted_entry,
@@ -384,7 +403,6 @@ def get_section_doc_url(section: str) -> str:
 
 # HTML rendering helpers for building custom sections
 from .utils import (  # noqa: E402
-    escape_html,
     format_memory_size,
     format_number,
     validate_key,
@@ -402,9 +420,6 @@ def get_section_doc_url(section: str) -> str:
     "DEFAULT_UNIQUE_LIMIT",
     "DEFAULT_MAX_FIELD_WIDTH",
     "DEFAULT_TYPE_WIDTH",
-    "DOCS_BASE_URL",
-    "get_section_doc_url",
-    "NOT_SERIALIZABLE_MSG",
     # CSS dtype constants for custom formatters
     "CSS_DTYPE_NDARRAY",
     "CSS_DTYPE_ANNDATA",
@@ -425,12 +440,11 @@ def get_section_doc_url(section: str) -> str:
     # Building blocks for custom _repr_html_ implementations
     "get_css",
     "get_javascript",
-    "escape_html",
+    "get_macros",
     "format_number",
     "format_memory_size",
     "render_section",
     "render_formatted_entry",
-    "STYLE_HIDDEN",
     # UI component helpers
     "render_search_box",
     "render_copy_button",
diff --git a/src/anndata/_repr/components.py b/src/anndata/_repr/components.py
index db2530117..8c6f22213 100644
--- a/src/anndata/_repr/components.py
+++ b/src/anndata/_repr/components.py
@@ -17,13 +17,11 @@
 
 from dataclasses import dataclass, field
 
-from .._repr_constants import (
-    CSS_ENTRY,
-    CSS_TEXT_MUTED,
-    NOT_SERIALIZABLE_MSG,
-    STYLE_HIDDEN,
-)
-from .utils import escape_html, sanitize_css_color
+from markupsafe import Markup
+
+from .._repr_constants import CSS_ENTRY
+from .environment import get_macros
+from .utils import sanitize_css_color
 
 
 def render_entry_row_open(
@@ -34,7 +32,7 @@ def render_entry_row_open(
     is_error: bool = False,
     has_expandable_content: bool = False,
     extra_classes: str = "",
-) -> str:
+) -> Markup:
     """Render the opening tag for an entry row.
 
     For regular entries, returns ``<div class="anndata-entry ...">``.
@@ -58,9 +56,8 @@ def render_entry_row_open(
 
     Returns
     -------
-    Opening tag(s) with class and data attributes
+    ``Markup`` HTML for the opening tag(s) with class and data attributes.
     """
-    # Build CSS class string
     classes = [CSS_ENTRY]
     if extra_classes:
         classes.append(extra_classes)
@@ -69,21 +66,12 @@ def render_entry_row_open(
     if is_error:
         classes.append("error")
     css_class = " ".join(classes)
-
-    escaped_key = escape_html(key)
-    escaped_dtype = escape_html(dtype)
-
-    if has_expandable_content:
-        return (
-            f'<details class="{css_class}" data-key="{escaped_key}" data-dtype="{escaped_dtype}">'
-            f'<summary class="anndata-entry__summary">'
-        )
-    return f'<div class="{css_class}" data-key="{escaped_key}" data-dtype="{escaped_dtype}">'
+    return Markup(get_macros().row_open(key, dtype, css_class, has_expandable_content))
 
 
 def render_warning_icon(
     warnings: list[str], *, is_not_serializable: bool = False
-) -> str:
+) -> Markup:
     """Render warning icon with tooltip if there are warnings or serialization issues.
 
     Parameters
@@ -95,29 +83,12 @@ def render_warning_icon(
 
     Returns
     -------
-    HTML string for warning icon, or empty string if no warnings.
+    ``Markup`` HTML for warning icon, or empty ``Markup`` if no warnings.
     """
-    if not warnings and not is_not_serializable:
-        return ""
-
-    # Build the tooltip message
-    if is_not_serializable:
-        if warnings:
-            # "Not serializable: reason1; reason2"
-            reasons = "; ".join(warnings)
-            title = f"{NOT_SERIALIZABLE_MSG}: {reasons}"
-        else:
-            # Just "Not serializable to H5AD/Zarr"
-            title = NOT_SERIALIZABLE_MSG
-    else:
-        # Independent warnings joined with ";"
-        title = "; ".join(warnings)
-
-    title = escape_html(title)
-    return f'<span class="anndata-entry__warning" title="{title}">(!)</span>'
-
-
-def render_search_box(container_id: str = "") -> str:
+    return Markup(get_macros().warning_icon(warnings or [], is_not_serializable))
+
+
+def render_search_box(container_id: str = "") -> Markup:
     """
     Render a search box with filter indicator and search mode toggles.
 
@@ -132,35 +103,13 @@ def render_search_box(container_id: str = "") -> str:
 
     Returns
     -------
-    HTML string for the search box
-
-    Example
-    -------
-    >>> container_id = "spatialdata-123"
-    >>> parts = ['<div class="anndata-header">']
-    >>> parts.append('<span class="anndata-header__type">SpatialData</span>')
-    >>> parts.append('<span class="anndata-spacer"></span>')  # Spacer
-    >>> parts.append(render_search_box(container_id))
-    >>> parts.append("</div>")
+    ``Markup`` HTML for the search box.
     """
     search_id = f"{container_id}-search" if container_id else "anndata-search"
-    return (
-        f'<span class="anndata-search__box" style="{STYLE_HIDDEN}">'
-        f'<input type="text" id="{search_id}" name="{search_id}" '
-        f'class="anndata-search__input" '
-        f'placeholder="Search..." aria-label="Search fields">'
-        f'<span class="anndata-search__toggles">'
-        f'<button type="button" class="anndata-search__toggle anndata-search__toggle--case" '
-        f'title="Match case" aria-label="Match case" aria-pressed="false">Aa</button>'
-        f'<button type="button" class="anndata-search__toggle anndata-search__toggle--regex" '
-        f'title="Use regular expression" aria-label="Use regular expression" aria-pressed="false">.*</button>'
-        f"</span>"
-        f"</span>"
-        f'<span class="anndata-search__indicator"></span>'
-    )
+    return Markup(get_macros().search_box(search_id))
 
 
-def render_copy_button(text: str, tooltip: str = "Copy") -> str:
+def render_copy_button(text: str, tooltip: str = "Copy") -> Markup:
     """
     Render a copy-to-clipboard button.
 
@@ -176,51 +125,45 @@ def render_copy_button(text: str, tooltip: str = "Copy") -> str:
 
     Returns
     -------
-    HTML string for the copy button
+    ``Markup`` HTML for the copy button
 
     Example
     -------
     >>> name = "gene_expression"
     >>> html = f"<span>{name}</span>{render_copy_button(name, 'Copy name')}"
     """
-    escaped_text = escape_html(text)
-    escaped_tooltip = escape_html(tooltip)
-    return (
-        f'<button class="anndata-entry__copy" style="{STYLE_HIDDEN}" '
-        f'data-copy="{escaped_text}" title="{escaped_tooltip}" '
-        f'aria-label="{escaped_tooltip}"></button>'
-    )
+    return Markup(get_macros().copy_button(text, tooltip))
 
 
-def _render_wrap_button(css_class: str) -> str:
+def _render_wrap_button(css_class: str) -> Markup:
     """Render a wrap toggle button with the specified CSS class.
 
     Internal helper used by render_categories_wrap_button and render_columns_wrap_button.
     """
-    return f'<button class="{css_class}" style="display:none" title="Expand to multi-line view">▼</button>'
+    return Markup(get_macros().wrap_button(css_class))
 
 
-def render_categories_wrap_button() -> str:
+def render_categories_wrap_button() -> Markup:
     """Render a button to toggle category list between single-line and multi-line.
 
     Returns
     -------
-    HTML string for the wrap button (▼ expands, ▲ collapses)
+    ``Markup`` HTML for the wrap button (▼ expands, ▲ collapses)
     """
     return _render_wrap_button("anndata-categories__wrap")
 
 
-def render_columns_wrap_button() -> str:
+def render_columns_wrap_button() -> Markup:
     """Render a button to toggle column list between single-line and multi-line.
 
     Returns
     -------
-    HTML string for the wrap button (▼ expands, ▲ collapses)
+    ``Markup`` HTML for the wrap button (▼ expands, ▲ collapses)
     """
     return _render_wrap_button("anndata-columns__wrap")
 
 
-def render_muted_span(text: str) -> str:
+def render_muted_span(text: str) -> Markup:
     """Render text in a muted span (gray color).
 
     Parameters
@@ -230,12 +173,29 @@ def render_muted_span(text: str) -> str:
 
     Returns
     -------
-    HTML string with muted styling
+    ``Markup`` HTML with muted styling
     """
-    return f'<span class="{CSS_TEXT_MUTED}">{escape_html(text)}</span>'
+    return Markup(get_macros().muted_span(text))
 
 
-def render_nested_content(html_content: str) -> str:
+def render_filepath_span(path: str, style: str = "") -> Markup:
+    """Render a ``<span class="anndata-header__filepath">`` for backed/lazy files.
+
+    Parameters
+    ----------
+    path
+        File path to display (autoescaped).
+    style
+        Optional inline style (trusted CSS, not escaped).
+
+    Returns
+    -------
+    ``Markup`` HTML for the filepath span.
+    """
+    return Markup(get_macros().filepath_span(path, style))
+
+
+def render_nested_content(html_content: str | Markup) -> Markup:
     """Render nested/expanded content inside an expandable entry.
 
     The entry must have been opened with ``has_expandable_content=True``
@@ -246,25 +206,22 @@ def render_nested_content(html_content: str) -> str:
     Parameters
     ----------
     html_content
-        The HTML content to display when expanded
+        The trusted HTML (``Markup`` preferred; ``str`` is wrapped) to
+        display when expanded.
 
     Returns
     -------
-    HTML closing the summary and wrapping nested content
+    ``Markup`` HTML closing the summary and wrapping nested content.
     """
-    return (
-        f"</summary>"
-        f'<div class="anndata-entry__nested-content" style="margin-left:1.5em">'
-        f'<div class="anndata-entry__expanded">{html_content}</div>'
-        f"</div>"
-    )
+    body = html_content if isinstance(html_content, Markup) else Markup(html_content)
+    return Markup(get_macros().nested_content(body))
 
 
 def render_badge(
     text: str,
     variant: str = "",
     tooltip: str = "",
-) -> str:
+) -> Markup:
     """
     Render a badge (pill-shaped label).
 
@@ -285,17 +242,13 @@ def render_badge(
 
     Returns
     -------
-    HTML string for the badge
+    ``Markup`` HTML for the badge
 
     Example
     -------
     >>> badge = render_badge("Zarr", "anndata-badge--backed", "Backed by Zarr store")
     """
-    escaped_text = escape_html(text)
-    title_attr = f' title="{escape_html(tooltip)}"' if tooltip else ""
-    # Always include base class, optionally add variant
-    css_class = f"anndata-badge {variant}".strip() if variant else "anndata-badge"
-    return f'<span class="{css_class}"{title_attr}>{escaped_text}</span>'
+    return Markup(get_macros().badge(text, variant, tooltip))
 
 
 def render_header_badges(
@@ -305,7 +258,7 @@ def render_header_badges(
     is_lazy: bool = False,
     backing_path: str | None = None,
     backing_format: str | None = None,
-) -> str:
+) -> Markup:
     """
     Render standard header badges for view/backed/lazy status.
 
@@ -324,7 +277,7 @@ def render_header_badges(
 
     Returns
     -------
-    HTML string with badges
+    ``Markup`` HTML with badges
 
     Example
     -------
@@ -334,7 +287,7 @@ def render_header_badges(
     ...     backing_format="Zarr",
     ... )
     """
-    parts = []
+    parts: list[Markup] = []
     if is_view:
         parts.append(
             render_badge(
@@ -351,10 +304,10 @@ def render_header_badges(
                 "Lazy", "anndata-badge--lazy", "Lazy loading (experimental read_lazy)"
             )
         )
-    return "".join(parts)
+    return Markup("").join(parts)
 
 
-def render_name_cell(name: str) -> str:
+def render_name_cell(name: str) -> Markup:
     """Render a name cell with copy button and tooltip for truncated names.
 
     The structure uses flexbox so the copy button stays visible even when
@@ -367,17 +320,9 @@ def render_name_cell(name: str) -> str:
 
     Returns
     -------
-    HTML string for the cell div
+    ``Markup`` HTML for the cell span.
     """
-    escaped_name = escape_html(name)
-    return (
-        f'<span class="anndata-entry__name" style="display:inline-block;min-width:var(--anndata-name-col-width,100px);vertical-align:top">'
-        f'<span class="anndata-entry__name-inner">'
-        f'<span class="anndata-entry__name-text" title="{escaped_name}">{escaped_name}</span>'
-        f"{render_copy_button(name, 'Copy name')}"
-        f"</span>"
-        f"</span>"
-    )
+    return Markup(get_macros().name_cell(name))
 
 
 def render_category_list(
@@ -386,7 +331,7 @@ def render_category_list(
     max_cats: int,
     *,
     n_hidden: int = 0,
-) -> str:
+) -> Markup:
     """Render a list of category values with optional color dots.
 
     Parameters
@@ -405,32 +350,16 @@ def render_category_list(
     -------
     HTML string for the category list
     """
-    parts = ['<span class="anndata-categories">']
-    for i, cat in enumerate(categories[:max_cats]):
-        if i > 0:
-            parts.append('<span class="anndata-categories__sep">, </span>')
-        cat_name = escape_html(str(cat))
-        color = colors[i] if colors and i < len(colors) else None
-        parts.append('<span class="anndata-categories__item">')
-        if color:
-            # Sanitize color to prevent CSS injection
-            safe_color = sanitize_css_color(str(color))
-            if safe_color:
-                parts.append(
-                    f'<span class="anndata-categories__dot" style="background:{safe_color};"></span>'
-                )
-            # Skip color dot if color is invalid/unsafe
-        parts.append(f"<span>{cat_name}</span>")
-        parts.append("</span>")
-
-    # Calculate total hidden: from max_cats truncation + lazy truncation
+    visible = categories[:max_cats]
+    items: list[tuple[str, str | None]] = []
+    for i, cat in enumerate(visible):
+        raw_color = colors[i] if colors and i < len(colors) else None
+        safe_color = sanitize_css_color(str(raw_color)) if raw_color else None
+        items.append((str(cat), safe_color))
+
     hidden_from_max_cats = max(0, len(categories) - max_cats)
     total_hidden = hidden_from_max_cats + n_hidden
-
-    if total_hidden > 0:
-        parts.append(f'<span class="{CSS_TEXT_MUTED}">...+{total_hidden}</span>')
-    parts.append("</span>")
-    return "".join(parts)
+    return Markup(get_macros().category_list(items, total_hidden))
 
 
 @dataclass
@@ -446,7 +375,7 @@ class TypeCellConfig:
         The type name to display (e.g., "ndarray (100, 50) float32")
     css_class
         CSS class for the type span (e.g., "anndata-dtype--ndarray")
-    type_html
+    type_markup
         Optional custom HTML content for the type cell
     tooltip
         Optional tooltip for the type label
@@ -458,8 +387,8 @@ class TypeCellConfig:
         Whether to show columns wrap button
     has_categories_list
         Whether to show categories wrap button
-    append_type_html
-        If True, type_html is appended below type_name instead of replacing it
+    append_type_markup
+        If True, type_markup is appended below type_name instead of replacing it
 
     Examples
     --------
@@ -482,33 +411,33 @@ class TypeCellConfig:
 
     type_name: str
     css_class: str
-    type_html: str | None = None
+    type_markup: Markup | None = None
     tooltip: str = ""
     warnings: list[str] = field(default_factory=list)
     is_not_serializable: bool = False
     has_columns_list: bool = False
     has_categories_list: bool = False
-    append_type_html: bool = False
+    append_type_markup: bool = False
 
 
-def render_entry_type_cell(config: TypeCellConfig) -> str:
+def render_entry_type_cell(config: TypeCellConfig) -> Markup:
     """Render the type cell for an entry row.
 
     This is a unified helper that handles all type cell variations:
     - Type label with optional tooltip
-    - Custom type_html (as replacement or appended content)
+    - Custom type_markup (as replacement or appended content)
     - Warning icon
     - Expand/wrap buttons
 
-    The type_html and append_type_html config fields control content rendering:
+    The type_markup and append_type_markup config fields control content rendering:
 
-    1. No type_html: Shows type_name in a styled span
+    1. No type_markup: Shows type_name in a styled span
        ``<span class="anndata-dtype--X">type_name</span>``
 
-    2. type_html with append_type_html=False (default): type_html REPLACES type_name
+    2. type_markup with append_type_markup=False (default): type_markup REPLACES type_name
        Used for fully custom type content (e.g., category swatches instead of text)
 
-    3. type_html with append_type_html=True: type_html is shown BELOW type_name
+    3. type_markup with append_type_markup=True: type_markup is shown BELOW type_name
        Used to add extra content while keeping the type label
        (e.g., showing category list below "categorical" label)
 
@@ -519,66 +448,27 @@ def render_entry_type_cell(config: TypeCellConfig) -> str:
 
     Returns
     -------
-    HTML string for the complete type cell
-
-    Examples
-    --------
-    >>> config = TypeCellConfig(
-    ...     type_name="ndarray (100, 50) float32",
-    ...     css_class="anndata-dtype--ndarray",
-    ...     tooltip="Dense array",
-    ... )
-    >>> html = render_entry_type_cell(config)
+    ``Markup`` HTML for the complete type cell.
     """
-    type_name = config.type_name
-    css_class = config.css_class
-    type_html = config.type_html
-    tooltip = config.tooltip
-    warnings = config.warnings
-    is_not_serializable = config.is_not_serializable
-    has_columns_list = config.has_columns_list
-    has_categories_list = config.has_categories_list
-    append_type_html = config.append_type_html
-
-    parts = [
-        '<span class="anndata-entry__type" style="display:inline-block;min-width:var(--anndata-type-col-width,180px);vertical-align:top">'
-    ]
-
-    # Type content: handle different cases
-    if type_html and not append_type_html:
-        # type_html replaces the type label entirely
-        parts.append(type_html)
-    elif tooltip:
-        parts.append(
-            f'<span class="{css_class}" title="{escape_html(tooltip)}">'
-            f"{escape_html(type_name)}</span>"
+    return Markup(
+        get_macros().type_cell(
+            type_name=config.type_name,
+            css_class=config.css_class,
+            type_markup=config.type_markup,
+            tooltip=config.tooltip,
+            all_warnings=config.warnings,
+            is_not_serializable=config.is_not_serializable,
+            has_columns_list=config.has_columns_list,
+            has_categories_list=config.has_categories_list,
+            append_type_markup=config.append_type_markup,
         )
-    else:
-        parts.append(f'<span class="{css_class}">{escape_html(type_name)}</span>')
-
-    # Warning icon
-    parts.append(
-        render_warning_icon(warnings or [], is_not_serializable=is_not_serializable)
     )
 
-    # Wrap buttons
-    if has_columns_list:
-        parts.append(render_columns_wrap_button())
-    if has_categories_list:
-        parts.append(render_categories_wrap_button())
-
-    # Appended type_html (for custom inline rendering below the type)
-    if type_html and append_type_html:
-        parts.append(f'<span class="anndata-entry__custom">{type_html}</span>')
-
-    parts.append("</span>")
-    return "".join(parts)
-
 
 def render_entry_preview_cell(
-    preview_html: str | None = None,
+    preview_markup: Markup | None = None,
     preview_text: str | None = None,
-) -> str:
+) -> Markup:
     """Render the preview cell (third column) for an entry row.
 
     Formatters are responsible for producing complete preview content.
@@ -586,23 +476,18 @@ def render_entry_preview_cell(
 
     Parameters
     ----------
-    preview_html
-        Raw HTML content for preview (highest priority)
+    preview_markup
+        Trusted HTML (``Markup``) for preview (highest priority).
     preview_text
-        Plain text preview (will be escaped and muted)
+        Plain text preview (autoescaped and muted).
 
     Returns
     -------
-    HTML string for the preview cell
+    ``Markup`` HTML for the preview cell.
     """
-    parts = [
-        '<span class="anndata-entry__preview" style="display:inline-block;vertical-align:top">'
-    ]
-
-    if preview_html:
-        parts.append(preview_html)
-    elif preview_text:
-        parts.append(render_muted_span(preview_text))
-
-    parts.append("</span>")
-    return "".join(parts)
+    return Markup(
+        get_macros().preview_cell(
+            preview_markup=preview_markup,
+            preview_text=preview_text,
+        )
+    )
diff --git a/src/anndata/_repr/core.py b/src/anndata/_repr/core.py
index 3546a0183..1bb086571 100644
--- a/src/anndata/_repr/core.py
+++ b/src/anndata/_repr/core.py
@@ -13,22 +13,15 @@
 
 from typing import TYPE_CHECKING
 
+from markupsafe import Markup
+
 from .._repr_constants import (
     CSS_DTYPE_CATEGORY,
     CSS_DTYPE_DATAFRAME,
-    CSS_TEXT_ERROR,
-    CSS_TEXT_MUTED,
-)
-from .components import (
-    TypeCellConfig,
-    render_entry_preview_cell,
-    render_entry_row_open,
-    render_entry_type_cell,
-    render_name_cell,
-    render_nested_content,
 )
+from .environment import get_env, get_macros
 from .registry import formatter_registry
-from .utils import escape_html, format_number
+from .utils import format_number
 
 if TYPE_CHECKING:
     from .registry import FormattedEntry, FormatterContext
@@ -36,7 +29,7 @@
 
 def render_section(  # noqa: PLR0913
     name: str,
-    entries_html: str,
+    entries: Markup,
     *,
     n_items: int,
     doc_url: str | None = None,
@@ -44,7 +37,8 @@ def render_section(  # noqa: PLR0913
     should_collapse: bool = False,
     section_id: str | None = None,
     count_str: str | None = None,
-) -> str:
+    extra_classes: str = "",
+) -> Markup:
     """
     Render a complete section with header and content.
 
@@ -55,8 +49,10 @@ def render_section(  # noqa: PLR0913
     ----------
     name
         Display name for the section header (e.g., 'images', 'tables')
-    entries_html
-        HTML content for the section body (table rows)
+    entries
+        Trusted HTML (``markupsafe.Markup``) for the section body.
+        Typically produced by joining per-entry ``Markup`` values,
+        e.g. ``Markup("\\n").join(render_formatted_entry(e) for e in entries)``.
     n_items
         Number of items (used for empty check and default count string)
     doc_url
@@ -72,12 +68,14 @@ def render_section(  # noqa: PLR0913
 
     Returns
     -------
-    HTML string for the complete section
+    ``Markup`` HTML for the complete section.
 
     Examples
     --------
     ::
 
+        from markupsafe import Markup
+
         from anndata._repr import (
             CSS_DTYPE_NDARRAY,
             FormattedEntry,
@@ -86,19 +84,21 @@ def render_section(  # noqa: PLR0913
             render_section,
         )
 
-        rows = []
-        for key, info in items.items():
-            entry = FormattedEntry(
-                key=key,
-                output=FormattedOutput(
-                    type_name=info["type"], css_class=CSS_DTYPE_NDARRAY
-                ),
+        rows = [
+            render_formatted_entry(
+                FormattedEntry(
+                    key=key,
+                    output=FormattedOutput(
+                        type_name=info["type"], css_class=CSS_DTYPE_NDARRAY
+                    ),
+                )
             )
-            rows.append(render_formatted_entry(entry))
+            for key, info in items.items()
+        ]
 
         html = render_section(
             "images",
-            "\\n".join(rows),
+            Markup("\\n").join(rows),
             n_items=len(items),
             doc_url="https://docs.example.com/images",
             tooltip="Image data",
@@ -106,78 +106,38 @@ def render_section(  # noqa: PLR0913
     """
     if section_id is None:
         section_id = name
-
-    if n_items == 0:
-        return render_empty_section(name, doc_url, tooltip)
-
     if count_str is None:
-        count_str = f"({n_items} items)"
-
-    open_attr = " open" if not should_collapse else ""
-    parts = [
-        f'<details class="anndata-section" data-section="{escape_html(section_id)}"{open_attr}>'
-    ]
-
-    # Header
-    parts.append(_render_section_header(name, count_str, doc_url, tooltip))
-
-    # Content
-    parts.append('<div class="anndata-section__content">')
-    parts.append('<div class="anndata-section__entries">')
-    parts.append(entries_html)
-    parts.append("</div></div></details>")
-
-    return "\n".join(parts)
-
-
-def _render_section_header(
-    name: str,
-    count_str: str,
-    doc_url: str | None,
-    tooltip: str,
-) -> str:
-    """Render a section header as <summary> - native disclosure triangle replaces fold icon."""
-    parts = ["<summary>"]
-    parts.append(f'<span class="anndata-section__name">{escape_html(name)}</span>')
-    parts.append(
-        f'<span class="anndata-section__count">{escape_html(count_str)}</span>'
-    )
-    if doc_url:
-        parts.append(
-            f'<a class="anndata-section__help"  href="{escape_html(doc_url)}" target="_blank" title="{escape_html(tooltip)}">?</a>'
+        count_str = "(empty)" if n_items == 0 else f"({n_items} items)"
+
+    return Markup(
+        get_env()
+        .get_template("section.j2")
+        .render(
+            name=name,
+            count_str=count_str,
+            doc_url=doc_url,
+            tooltip=tooltip,
+            should_collapse=should_collapse,
+            section_id=section_id,
+            n_items=n_items,
+            entries=entries,
+            extra_classes=extra_classes,
         )
-    parts.append("</summary>")
-    return "\n".join(parts)
+    )
 
 
 def render_empty_section(
     name: str,
     doc_url: str | None = None,
     tooltip: str = "",
-) -> str:
+) -> Markup:
     """Render an empty section indicator."""
-    # Build help link if doc_url provided
-    help_link = ""
-    if doc_url:
-        help_link = f'<a class="anndata-section__help"  href="{escape_html(doc_url)}" target="_blank" title="{escape_html(tooltip)}">?</a>'
-
-    return f"""
-<details class="anndata-section" data-section="{escape_html(name)}">
-    <summary>
-        <span class="anndata-section__name">{escape_html(name)}</span>
-        <span class="anndata-section__count">(empty)</span>
-        {help_link}
-    </summary>
-    <div class="anndata-section__content">
-        <div class="anndata-section__empty">No entries</div>
-    </div>
-</details>
-"""
+    return render_section(name, Markup(""), n_items=0, doc_url=doc_url, tooltip=tooltip)
 
 
-def render_truncation_indicator(remaining: int) -> str:
+def render_truncation_indicator(remaining: int) -> Markup:
     """Render a truncation indicator."""
-    return f'<div class="anndata-section__truncated">... and {format_number(remaining)} more</div>'
+    return Markup(get_macros().truncation_indicator(format_number(remaining)))
 
 
 def get_section_tooltip(section: str) -> str:
@@ -196,43 +156,45 @@ def get_section_tooltip(section: str) -> str:
     return tooltips.get(section, "")
 
 
-def render_x_entry(obj: object, context: FormatterContext) -> str:
+def render_x_entry(obj: object, context: FormatterContext) -> Markup:
     """Render X as a single compact entry row.
 
     Works with AnnData, Raw, and any object with an X attribute.
     Handles missing or broken X attributes gracefully.
     """
-    parts = ['<div class="anndata-x__entry">']
-    parts.append("<span>X</span>")
+    state = "ok"
+    type_name = ""
+    css_class = ""
+    error_msg = ""
 
     try:
         X = obj.X
     except Exception as e:  # noqa: BLE001
-        # Handle missing or broken X attribute gracefully
+        state = "attribute_error"
         error_msg = f"error: {type(e).__name__}"
-        parts.append(
-            f'<span class="{CSS_TEXT_MUTED}"><em>({escape_html(error_msg)})</em></span>'
-        )
-        parts.append("</div>")
-        return "\n".join(parts)
-
-    if X is None:
-        parts.append("<span><em>None</em></span>")
     else:
-        # Format the X matrix (formatter includes all info like sparsity, on disk, etc.)
-        try:
-            output = formatter_registry.format_value(X, context)
-            parts.append(
-                f'<span class="{output.css_class}">{escape_html(output.type_name)}</span>'
-            )
-        except Exception as e:  # noqa: BLE001
-            error_msg = f"error formatting: {type(e).__name__}"
-            parts.append(
-                f'<span class="{CSS_TEXT_MUTED}"><em>({escape_html(error_msg)})</em></span>'
-            )
-
-    parts.append("</div>")
-    return "\n".join(parts)
+        if X is None:
+            state = "none"
+        else:
+            try:
+                output = formatter_registry.format_value(X, context)
+                type_name = output.type_name
+                css_class = output.css_class
+            except Exception as e:  # noqa: BLE001
+                state = "format_error"
+                error_msg = f"error formatting: {type(e).__name__}"
+
+    return Markup(
+        get_env()
+        .get_template("x_entry.j2")
+        .render(
+            x_label="X",
+            state=state,
+            type_name=type_name,
+            css_class=css_class,
+            error_msg=error_msg,
+        )
+    )
 
 
 def render_formatted_entry(
@@ -240,9 +202,9 @@ def render_formatted_entry(
     section: str = "",
     *,
     extra_warnings: list[str] | None = None,
-    append_type_html: bool = False,
+    append_type_markup: bool = False,
     preview_note: str | None = None,
-) -> str:
+) -> Markup:
     """
     Render a FormattedEntry as a table row.
 
@@ -257,15 +219,15 @@ def render_formatted_entry(
         Optional section name (used for meta column rendering)
     extra_warnings
         Additional warnings to display (e.g., key validation warnings)
-    append_type_html
-        If True, append type_html below type_name instead of replacing it.
+    append_type_markup
+        If True, append type_markup below type_name instead of replacing it.
         Used for mapping entries (obsm, varm, etc.) to show extra content.
     preview_note
         Optional note to prepend to preview text (for type hints in uns)
 
     Returns
     -------
-    HTML string for the table row(s)
+    ``Markup`` HTML for the table row(s)
 
     Examples
     --------
@@ -292,13 +254,13 @@ def render_formatted_entry(
 
     With expandable nested content::
 
-        nested_html = generate_repr_html(adata, depth=1)
+        # generate_repr_html already returns Markup — no wrap needed.
         entry = FormattedEntry(
             key="cell_table",
             output=FormattedOutput(
                 type_name="AnnData (150 × 30)",
                 css_class=CSS_DTYPE_ANNDATA,
-                expanded_html=nested_html,
+                expanded_markup=generate_repr_html(adata, depth=1),
             ),
         )
         html = render_formatted_entry(entry)
@@ -325,78 +287,45 @@ def render_formatted_entry(
         html = render_formatted_entry(entry)
     """
     output = entry.output
-    extra_warnings = extra_warnings or []
-
-    # Compute entry CSS classes
-    # Both hard errors and serialization issues get red background
-    all_warnings = extra_warnings + list(output.warnings)
+    all_warnings = (extra_warnings or []) + list(output.warnings)
     has_error = output.error is not None or not output.is_serializable
-
-    has_expandable_content = output.expanded_html is not None
-    # Detect wrap button needs from output css_class
+    has_expandable_content = output.expanded_markup is not None
     has_categories = output.css_class == CSS_DTYPE_CATEGORY and bool(
-        output.preview_html
+        output.preview_markup
     )
     has_columns_list = output.css_class == CSS_DTYPE_DATAFRAME and bool(
-        output.preview_html
-    )
-
-    # Build row using consolidated helper
-    parts = [
-        render_entry_row_open(
-            entry.key,
-            output.type_name,
-            has_warnings=bool(all_warnings),
-            is_error=has_error,
-            has_expandable_content=has_expandable_content,
-        )
-    ]
-
-    # Name cell
-    parts.append(render_name_cell(entry.key))
-
-    # Type cell
-    type_cell_config = TypeCellConfig(
-        type_name=output.type_name,
-        css_class=output.css_class,
-        type_html=output.type_html if append_type_html else None,
-        tooltip=output.tooltip,
-        warnings=all_warnings,
-        is_not_serializable=not output.is_serializable,
-        has_columns_list=has_columns_list,
-        has_categories_list=has_categories,
-        append_type_html=append_type_html,
+        output.preview_markup
     )
-    parts.append(render_entry_type_cell(type_cell_config))
 
-    # Preview cell
-    # Error takes precedence over preview/preview_html
-    preview_html = output.preview_html
+    preview_markup = output.preview_markup
     preview_text = output.preview
-
-    if output.error and not preview_html:
-        # Generate error preview if error is set but no preview_html provided
-        error_text = escape_html(output.error)
-        preview_html = f'<span class="{CSS_TEXT_ERROR}">{error_text}</span>'
+    if output.error and not preview_markup:
+        preview_markup = Markup(get_macros().error_preview(output.error))
 
     if preview_note and preview_text:
         preview_text = f"{preview_note} {preview_text}"
     elif preview_note:
         preview_text = preview_note
 
-    parts.append(
-        render_entry_preview_cell(
-            preview_html=preview_html,
+    rendered = (
+        get_env()
+        .get_template("entry.j2")
+        .render(
+            entry_key=entry.key,
+            type_name=output.type_name,
+            css_class=output.css_class,
+            type_markup=output.type_markup,
+            tooltip=output.tooltip,
+            all_warnings=all_warnings,
+            is_not_serializable=not output.is_serializable,
+            has_error=has_error,
+            has_expandable_content=has_expandable_content,
+            has_columns_list=has_columns_list,
+            has_categories_list=has_categories,
+            append_type_markup=append_type_markup,
+            preview_markup=preview_markup,
             preview_text=preview_text,
+            expanded_markup=output.expanded_markup,
         )
     )
-
-    # Expandable entries use <details>/<summary>; render_nested_content
-    # closes the <summary> and adds the nested content div.
-    if has_expandable_content:
-        parts.append(render_nested_content(output.expanded_html))
-        parts.append("</details>")
-    else:
-        parts.append("</div>")
-
-    return "\n".join(parts)
+    return Markup(rendered)
diff --git a/src/anndata/_repr/environment.py b/src/anndata/_repr/environment.py
new file mode 100644
index 000000000..68d55da57
--- /dev/null
+++ b/src/anndata/_repr/environment.py
@@ -0,0 +1,76 @@
+"""
+Jinja2 Environment for the AnnData HTML repr.
+
+The repr renders by feeding structured values (plus pre-produced HTML
+fragments wrapped in ``markupsafe.Markup``) into templates loaded from
+``anndata._repr.templates``. Autoescape is on by default:
+
+- Plain ``str`` values are escaped (``<``, ``>``, ``&``, ``"``, ``'``).
+- ``Markup`` values pass through verbatim because Jinja recognises the type.
+
+The trust contract is therefore typed rather than conventional: data arrives
+as ``str`` and gets escaped; HTML arrives as ``Markup`` and is trusted.
+"""
+
+from __future__ import annotations
+
+from functools import cache
+
+from jinja2 import Environment, PackageLoader, select_autoescape
+
+from .._repr_constants import (
+    CSS_COLORS,
+    CSS_COLORS_SWATCH,
+    CSS_COLORS_SWATCH_INVALID,
+    CSS_DTYPE_UNKNOWN,
+    CSS_NESTED_ANNDATA,
+    CSS_TEXT_ERROR,
+    CSS_TEXT_MUTED,
+    CSS_TEXT_WARNING,
+    NOT_SERIALIZABLE_MSG,
+    STYLE_HIDDEN,
+)
+
+
+def _scrub_nulls(value):
+    # Null bytes in user data break HTML parsers; replace pre-escape.
+    # Markup values pass through unchanged.
+    if isinstance(value, str) and not hasattr(value, "__html__"):
+        return value.replace("\x00", "\ufffd")
+    return value
+
+
+@cache
+def get_env() -> Environment:
+    env = Environment(
+        loader=PackageLoader("anndata._repr", "templates"),
+        autoescape=select_autoescape(default=True, default_for_string=True),
+        trim_blocks=True,
+        lstrip_blocks=True,
+        finalize=_scrub_nulls,
+    )
+    env.globals.update(
+        CSS_COLORS=CSS_COLORS,
+        CSS_COLORS_SWATCH=CSS_COLORS_SWATCH,
+        CSS_COLORS_SWATCH_INVALID=CSS_COLORS_SWATCH_INVALID,
+        CSS_DTYPE_UNKNOWN=CSS_DTYPE_UNKNOWN,
+        CSS_NESTED_ANNDATA=CSS_NESTED_ANNDATA,
+        CSS_TEXT_ERROR=CSS_TEXT_ERROR,
+        CSS_TEXT_MUTED=CSS_TEXT_MUTED,
+        CSS_TEXT_WARNING=CSS_TEXT_WARNING,
+        NOT_SERIALIZABLE_MSG=NOT_SERIALIZABLE_MSG,
+        STYLE_HIDDEN=STYLE_HIDDEN,
+    )
+    return env
+
+
+@cache
+def get_macros():
+    """Cached handle to the macros module from ``_macros.j2``.
+
+    Extension packages can invoke any macro as ``get_macros().name(args)``.
+    Macro calls render through this module's Jinja environment, so
+    arguments flow through autoescape + the NUL-scrub finalize hook — the
+    safest way to build custom HTML from user data.
+    """
+    return get_env().get_template("_macros.j2").module
diff --git a/src/anndata/_repr/formatters.py b/src/anndata/_repr/formatters.py
index 8407455f3..fb3c2836d 100644
--- a/src/anndata/_repr/formatters.py
+++ b/src/anndata/_repr/formatters.py
@@ -21,12 +21,10 @@
 
 import numpy as np
 import pandas as pd
+from markupsafe import Markup
 
 from .._repr_constants import (
     COLOR_PREVIEW_LIMIT,
-    CSS_COLORS,
-    CSS_COLORS_SWATCH,
-    CSS_COLORS_SWATCH_INVALID,
     CSS_DTYPE_ANNDATA,
     CSS_DTYPE_ARRAY_API,
     CSS_DTYPE_AWKWARD,
@@ -42,11 +40,10 @@
     CSS_DTYPE_STRING,
     CSS_DTYPE_TPU,
     CSS_DTYPE_UNKNOWN,
-    CSS_NESTED_ANNDATA,
-    CSS_TEXT_MUTED,
 )
 from ..compat import has_xp
-from .components import render_category_list
+from .components import render_category_list, render_muted_span
+from .environment import get_macros
 from .lazy import get_lazy_categorical_info, is_lazy_column
 from .registry import (
     FormattedOutput,
@@ -56,7 +53,6 @@
 from .utils import (
     check_color_category_mismatch,
     check_invalid_colors,
-    escape_html,
     format_invalid_colors_warning,
     format_number,
     get_categories_for_display,
@@ -393,30 +389,31 @@ def format(self, obj: pd.DataFrame, context: FormatterContext) -> FormattedOutpu
         n_rows, n_cols = len(df), len(df.columns)
         cols = list(df.columns)
 
-        # Build preview_html with column list for obsm/varm sections
+        # Build preview_markup with column list for obsm/varm sections
         # Uses anndata-columns class for CSS truncation and JS wrap button
-        preview_html = None
+        preview_markup: Markup | None = None
         if n_cols > 0 and context.section in ("obsm", "varm"):
-            col_str = ", ".join(escape_html(str(c)) for c in cols)
-            preview_html = f'<span class="anndata-columns">[{col_str}]</span>'
+            preview_markup = Markup(
+                get_macros().columns_preview([str(c) for c in cols])
+            )
 
         # Check if expandable _repr_html_ is enabled
         expand_dataframes = get_setting("repr_html_dataframe_expand", default=False)
 
-        expanded_html = None
+        expanded_markup: Markup | None = None
         if expand_dataframes and n_rows > 0 and n_cols > 0:
             # Use pandas _repr_html_() for native Jupyter-style output
             # Respects pd.options.display settings (max_rows, max_columns, etc.)
             # Intentional broad catch: _repr_html_() can fail in many ways
             # (memory, recursion, custom dtypes, etc.) - gracefully degrade
             with contextlib.suppress(Exception):
-                expanded_html = df._repr_html_()
+                expanded_markup = Markup(df._repr_html_())
 
         return FormattedOutput(
             type_name=f"DataFrame ({format_number(n_rows)} × {format_number(n_cols)})",
             css_class=CSS_DTYPE_DATAFRAME,
-            expanded_html=expanded_html,
-            preview_html=preview_html,
+            expanded_markup=expanded_markup,
+            preview_markup=preview_markup,
             is_serializable=True,
         )
 
@@ -542,8 +539,8 @@ def format(  # noqa: PLR0912
             else f"category ({n_categories})"
         )
 
-        # Build preview_html with category list and colors
-        preview_html = None
+        # Build preview_markup with category list and colors
+        preview_markup: Markup | None = None
         error = None
         if context.section in ("obs", "var") and context.key is not None:
             try:
@@ -555,11 +552,9 @@ def format(  # noqa: PLR0912
                 if len(categories) == 0:
                     # Metadata-only mode or no categories: show just count
                     if n_total is not None:
-                        preview_html = f'<span class="{CSS_TEXT_MUTED}">({n_total} categories)</span>'
+                        preview_markup = render_muted_span(f"({n_total} categories)")
                     else:
-                        preview_html = (
-                            f'<span class="{CSS_TEXT_MUTED}">(categories)</span>'
-                        )
+                        preview_markup = render_muted_span("(categories)")
                 else:
                     # Get colors for categories
                     colors = None
@@ -582,7 +577,7 @@ def format(  # noqa: PLR0912
                         if (n_total and was_truncated)
                         else 0
                     )
-                    preview_html = render_category_list(
+                    preview_markup = render_category_list(
                         categories, colors, context.max_categories, n_hidden=n_hidden
                     )
             except Exception as e:  # noqa: BLE001
@@ -615,7 +610,7 @@ def format(  # noqa: PLR0912
         return FormattedOutput(
             type_name=type_name,
             css_class=CSS_DTYPE_CATEGORY,
-            preview_html=preview_html,
+            preview_markup=preview_markup,
             is_serializable=True,
             warnings=warnings,
             error=error,
@@ -887,7 +882,7 @@ def format(self, obj: object, context: FormatterContext) -> FormattedOutput:
         shape_str = f"{format_number(obj.n_obs)} × {format_number(obj.n_vars)}"  # type: ignore[attr-defined]
 
         # Generate expanded HTML if within depth limit
-        expanded_html = None
+        expanded_markup: Markup | None = None
         if context.depth < context.max_depth - 1:
             # Lazy import to avoid circular dependency
             from .html import generate_repr_html
@@ -899,13 +894,15 @@ def format(self, obj: object, context: FormatterContext) -> FormattedOutput:
                 show_header=True,
                 show_search=False,
             )
-            expanded_html = f'<div class="{CSS_NESTED_ANNDATA}">{nested_html}</div>'
+            expanded_markup = Markup(
+                get_macros().nested_anndata_wrapper(Markup(nested_html))
+            )
 
         return FormattedOutput(
             type_name=f"AnnData ({shape_str})",
             css_class=CSS_DTYPE_ANNDATA,
             tooltip="Nested AnnData object",
-            expanded_html=expanded_html,
+            expanded_markup=expanded_markup,
             is_serializable=True,
         )
 
@@ -1032,29 +1029,24 @@ def format(self, obj: list, context: FormatterContext) -> FormattedOutput:
         n_colors = len(colors)
 
         # Build color swatch HTML with sanitized colors, counting invalid ones
-        swatches = []
+        swatches: list[Markup] = []
         invalid_count = 0
         for color in colors[:COLOR_PREVIEW_LIMIT]:
             # Sanitize color to prevent CSS injection
-            safe_color = sanitize_css_color(str(color))
+            label = str(color)
+            safe_color = sanitize_css_color(label)
             if safe_color:
                 swatches.append(
-                    f'<span class="{CSS_COLORS_SWATCH}" '
-                    f'style="background:{safe_color}" title="{escape_html(str(color))}"></span>'
+                    Markup(get_macros().color_swatch(safe_color, label, valid=True))
                 )
             else:
-                # Invalid/unsafe color - show as text only, no style
                 invalid_count += 1
                 swatches.append(
-                    f'<span class="{CSS_COLORS_SWATCH} {CSS_COLORS_SWATCH_INVALID}" '
-                    f"""title="Invalid color: '{escape_html(str(color))}'">?</span>"""
+                    Markup(get_macros().color_swatch("", label, valid=False))
                 )
-        if n_colors > COLOR_PREVIEW_LIMIT:
-            swatches.append(
-                f'<span class="{CSS_TEXT_MUTED}">+{n_colors - COLOR_PREVIEW_LIMIT}</span>'
-            )
+        overflow = max(0, n_colors - COLOR_PREVIEW_LIMIT)
 
-        preview_html = f'<span class="{CSS_COLORS}">{"".join(swatches)}</span>'
+        preview_markup = Markup(get_macros().color_preview(swatches, overflow))
 
         # Build warnings list (only for colors within preview limit)
         warnings = []
@@ -1067,7 +1059,7 @@ def format(self, obj: list, context: FormatterContext) -> FormattedOutput:
         return FormattedOutput(
             type_name=f"colors ({n_colors})",
             css_class=CSS_DTYPE_OBJECT,
-            preview_html=preview_html,
+            preview_markup=preview_markup,
             is_serializable=True,
             warnings=warnings,
         )
diff --git a/src/anndata/_repr/html.py b/src/anndata/_repr/html.py
index 6dc30c4f3..80956e8e5 100644
--- a/src/anndata/_repr/html.py
+++ b/src/anndata/_repr/html.py
@@ -11,15 +11,22 @@
 
 from __future__ import annotations
 
+import re
 import uuid
 from typing import TYPE_CHECKING
 
+from markupsafe import Markup
+
 from .._repr_constants import (
+    CHAR_WIDTH_PX,
+    COPY_BUTTON_PADDING_PX,
     CSS_BADGE_BACKED,
     CSS_BADGE_EXTENSION,
     CSS_BADGE_LAZY,
     CSS_BADGE_VIEW,
+    DEFAULT_FIELD_WIDTH_PX,
     DEFAULT_MAX_README_SIZE,
+    MIN_FIELD_WIDTH_PX,
     TOOLTIP_TRUNCATE_LENGTH,
 )
 from .._types import AnnDataElem
@@ -36,8 +43,12 @@
     DEFAULT_TYPE_WIDTH,
     DEFAULT_UNIQUE_LIMIT,
 )
+from . import (
+    formatters as _formatters,  # noqa: F401  # side-effect: register built-in formatters
+)
 from .components import (
     render_badge,
+    render_filepath_span,
     render_search_box,
 )
 from .core import (
@@ -47,6 +58,7 @@
     render_x_entry,
 )
 from .css import get_css
+from .environment import get_env, get_macros
 from .javascript import get_javascript
 from .lazy import get_lazy_backing_info, is_lazy_adata
 from .registry import (
@@ -63,7 +75,6 @@
     _render_uns_section,
 )
 from .utils import (
-    escape_html,
     format_index_preview,
     format_memory_size,
     format_number,
@@ -79,14 +90,11 @@
 
     from .registry import SectionFormatter
 
-# Import formatters to register them (side-effect import)
-from .._repr_constants import (
-    CHAR_WIDTH_PX,
-    COPY_BUTTON_PADDING_PX,
-    DEFAULT_FIELD_WIDTH_PX,
-    MIN_FIELD_WIDTH_PX,
-)
-from . import formatters as _formatters  # noqa: F401
+
+# container_id is interpolated verbatim into a <script> block
+# (see javascript.py: `getElementById('{container_id}')`), so any
+# caller-supplied value must match this restrictive shape.
+_CONTAINER_ID_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_-]*$")
 
 
 def _collect_all_field_names(adata: AnnData) -> list[str]:
@@ -221,7 +229,7 @@ def generate_repr_html(  # noqa: PLR0913
     show_header: bool = True,
     show_search: bool = True,
     _container_id: str | None = None,
-) -> str:
+) -> Markup:
     """
     Generate HTML representation for an AnnData object.
 
@@ -253,7 +261,7 @@ def generate_repr_html(  # noqa: PLR0913
     """
     # Check if HTML repr is enabled
     if not get_setting("repr_html_enabled", default=True):
-        return f"<pre>{escape_html(repr(adata))}</pre>"
+        return Markup(get_macros().pre_fallback(repr(adata)))
 
     # Create formatter context (resolves settings)
     context = _create_formatter_context(
@@ -269,15 +277,20 @@ def generate_repr_html(  # noqa: PLR0913
     if depth >= context.max_depth:
         return _render_max_depth_indicator(adata)
 
-    # Generate unique container ID
-    container_id = _container_id or f"anndata-repr-{uuid.uuid4().hex[:8]}"
-
-    # Build HTML parts
-    parts = []
-
-    # CSS and JS only at top level
-    if depth == 0:
-        parts.append(get_css())
+    # Generate unique container ID. container_id is interpolated verbatim into
+    # a <script> block (see javascript.py), so caller-supplied values must match
+    # a restrictive pattern to prevent JS injection. Auto-generated UUIDs are
+    # safe by construction and skip the check.
+    if _container_id is not None:
+        if not _CONTAINER_ID_RE.match(_container_id):
+            msg = (
+                f"_container_id must match {_CONTAINER_ID_RE.pattern!r}; "
+                f"got {_container_id!r}"
+            )
+            raise ValueError(msg)
+        container_id = _container_id
+    else:
+        container_id = f"anndata-repr-{uuid.uuid4().hex[:8]}"
 
     # Calculate field name column width based on content
     max_field_width = get_setting(
@@ -288,69 +301,59 @@ def generate_repr_html(  # noqa: PLR0913
     # Get type column width from settings
     type_width = get_setting("repr_html_type_width", default=DEFAULT_TYPE_WIDTH)
 
-    # Container with computed column widths as CSS variables.
-    # Inline font-family:monospace provides readable fallback when CSS is stripped
-    # (GitHub, untrusted notebooks). CSS overrides with its own font stack.
-    # Inline min-width on cells + CSS custom properties give column alignment
-    # even without a stylesheet.
-    style = f"font-family: monospace; --anndata-name-col-width: {field_width}px; --anndata-type-col-width: {type_width}px;"
-    parts.append(
-        f'<div class="anndata-repr" id="{container_id}" data-depth="{depth}" style="{style}">'
+    # Computed column widths as CSS variables. Inline font-family:monospace
+    # provides a readable fallback when CSS is stripped (GitHub, untrusted
+    # notebooks).
+    style = (
+        f"font-family: monospace; "
+        f"--anndata-name-col-width: {field_width}px; "
+        f"--anndata-type-col-width: {type_width}px;"
     )
 
-    # Header (with search box integrated on the right)
+    header_html: Markup | None = None
     if show_header:
-        parts.append(
-            _render_header(
-                adata, show_search=show_search and depth == 0, container_id=container_id
-            )
+        header_html = _render_header(
+            adata,
+            show_search=show_search and depth == 0,
+            container_id=container_id,
         )
 
-    # Index preview (only at top level)
-    if depth == 0:
-        parts.append(_render_index_preview(adata))
-
-    # Sections container
-    parts.append('<div class="anndata-repr__sections">')
-    parts.extend(_render_all_sections(adata, context))
-    parts.append("</div>")  # anndata-repr__sections
-
-    # Footer with metadata (only at top level)
+    index_preview_markup: Markup | None = None
+    footer_html: Markup | None = None
+    hints_html: Markup | None = None
+    css_html: Markup | None = None
+    javascript_html: Markup | None = None
     if depth == 0:
-        parts.append(_render_footer(adata))
-        # Degradation hints: visible only when CSS or JS is missing.
-        # No-CSS hint: visible by default, hidden by CSS.
-        parts.append(
-            '<div class="anndata-repr__hint-nocss">'
-            "<em>Styled representation available in Jupyter and trusted notebooks "
-            "(colors, search, type highlighting).</em>"
-            "</div>"
+        index_preview_markup = _render_index_preview(adata)
+        footer_html = _render_footer(adata)
+        hints_html = _render_hints()
+        css_html = Markup(get_css())
+        javascript_html = Markup(get_javascript(container_id))
+
+    return Markup(
+        get_env()
+        .get_template("anndata.j2")
+        .render(
+            container_id=container_id,
+            depth=depth,
+            style=style,
+            css=css_html,
+            header=header_html,
+            index_preview=index_preview_markup,
+            sections=_render_all_sections(adata, context),
+            footer=footer_html,
+            hints=hints_html,
+            javascript=javascript_html,
         )
-        # No-JS hint: hidden by default (no-CSS case already has its own hint),
-        # shown by CSS (for static HTML with styles but no JS),
-        # hidden again by JS on init.
-        parts.append(
-            '<div class="anndata-repr__hint-nojs" style="display:none">'
-            "<em>Interactive features (search, copy, category wrapping) "
-            "require JavaScript. Trust this notebook to enable them.</em>"
-            "</div>"
-        )
-
-    parts.append("</div>")  # anndata-repr
-
-    # JavaScript (only at top level)
-    if depth == 0:
-        parts.append(get_javascript(container_id))
-
-    return "\n".join(parts)
+    )
 
 
 def _render_all_sections(
     adata: AnnData,
     context: FormatterContext,
-) -> list[str]:
+) -> list[Markup]:
     """Render all standard and custom sections."""
-    parts: list[str] = []
+    parts: list[Markup] = []
     custom_sections_after = _get_custom_sections_by_position(adata)
 
     for section in get_literal_members(AnnDataElem):
@@ -382,7 +385,7 @@ def _render_section(
     adata: AnnData,
     section: str,
     context: FormatterContext,
-) -> str:
+) -> Markup:
     """Render a single standard section.
 
     Attribute access happens inside the try/except so a broken section (one
@@ -450,7 +453,7 @@ def _render_custom_section(
     adata: AnnData,
     formatter: SectionFormatter,
     context: FormatterContext,
-) -> str:
+) -> Markup:
     """Render a custom section using its registered formatter.
 
     If the formatter defines ``render_html(obj, context)``, it is tried
@@ -458,10 +461,9 @@ def _render_custom_section(
     If ``render_html`` fails, falls back to the standard ``get_entries``
     path so formatters can provide both an enhanced and a safe representation.
     """
-    # Allow formatters to produce raw HTML (e.g., compact inline rows)
     if hasattr(formatter, "render_html"):
         try:
-            return formatter.render_html(adata, context)
+            return Markup(formatter.render_html(adata, context))
         except Exception as e:  # noqa: BLE001
             from .._warnings import warn
 
@@ -470,22 +472,20 @@ def _render_custom_section(
                 f"falling back to get_entries: {e}",
                 UserWarning,
             )
-            # Fall through to get_entries below
 
     try:
         entries = formatter.get_entries(adata, context)
     except Exception as e:  # noqa: BLE001
-        # Intentional broad catch: custom formatters shouldn't crash the entire repr
         from .._warnings import warn
 
         warn(
             f"Custom section formatter '{formatter.section_name}' failed: {e}",
             UserWarning,
         )
-        return ""
+        return Markup("")
 
     if not entries:
-        return ""
+        return Markup("")
 
     n_items = len(entries)
     section_name = formatter.section_name
@@ -498,10 +498,9 @@ def _render_custom_section(
             break
         rows.append(render_formatted_entry(entry, section_name))
 
-    # Use render_section for consistent structure
     return render_section(
         getattr(formatter, "display_name", section_name),
-        "\n".join(rows),
+        Markup("\n").join(rows),
         n_items=n_items,
         doc_url=getattr(formatter, "doc_url", None),
         tooltip=getattr(formatter, "tooltip", ""),
@@ -510,141 +509,139 @@ def _render_custom_section(
     )
 
 
+def _build_readme_icon(adata: AnnData) -> Markup | None:
+    """Build the README icon Markup from ``adata.uns['README']`` if present.
+
+    The truncation + tooltip shaping stays in Python; only the final Markup
+    fragment is handed off to the template.
+    """
+    readme_content = adata.uns.get("README") if hasattr(adata, "uns") else None
+    if not (isinstance(readme_content, str) and readme_content.strip()):
+        return None
+
+    max_readme_size = get_setting(
+        "repr_html_max_readme_size", default=DEFAULT_MAX_README_SIZE
+    )
+    original_len = len(readme_content)
+    if max_readme_size > 0 and original_len > max_readme_size:
+        readme_content = readme_content[:max_readme_size]
+        truncation_note = (
+            f"\n\n---\n*README truncated: showing {max_readme_size:,} of "
+            f"{original_len:,} characters*"
+        )
+        readme_content += truncation_note
+
+    tooltip_text = readme_content[:TOOLTIP_TRUNCATE_LENGTH]
+    if len(readme_content) > TOOLTIP_TRUNCATE_LENGTH:
+        tooltip_text += "..."
+
+    # Scrub NULs before the template: the previous ``.format(...)`` path only
+    # HTML-escaped, so NUL bytes flowed through into the ``data-readme``
+    # attribute. The macro autoescapes but doesn't scrub; Jinja's finalize
+    # hook scrubs too, but being explicit here keeps the contract obvious.
+    readme_content = readme_content.replace("\x00", "\ufffd")
+    tooltip_text = tooltip_text.replace("\x00", "\ufffd")
+
+    return Markup(get_macros().readme_icon(readme_content, tooltip_text))
+
+
 def _render_header(
     adata: AnnData, *, show_search: bool = False, container_id: str = ""
-) -> str:
+) -> Markup:
     """Render the header with type, shape, badges, and optional search box."""
-    parts = ['<div class="anndata-header">']
-
-    # Type name - allow for extension types
     type_name = type(adata).__name__
-    parts.append(f'<span class="anndata-header__type">{escape_html(type_name)}</span>')
-
-    # Shape
     shape_str = f"{format_number(adata.n_obs)} obs × {format_number(adata.n_vars)} vars"
-    parts.append(f'<span class="anndata-header__shape">{shape_str}</span>')
 
-    # Badges - use render_badge() helper
+    # `extras` preserves the original interleaving: badges and their associated
+    # filepath spans ship in the same list, in insertion order.
+    extras: list[Markup] = []
+
     if is_view(adata):
-        parts.append(render_badge("View", CSS_BADGE_VIEW))
+        extras.append(render_badge("View", CSS_BADGE_VIEW))
 
     if is_backed(adata):
         backing = get_backing_info(adata)
         filename = backing.get("filename", "")
         format_str = backing.get("format", "")
         status = "Open" if backing.get("is_open") else "Closed"
-        parts.append(render_badge(f"{format_str} ({status})", CSS_BADGE_BACKED))
-        # Inline file path (full path, no truncation)
+        extras.append(render_badge(f"{format_str} ({status})", CSS_BADGE_BACKED))
         if filename:
-            parts.append(
-                f'<span class="anndata-header__filepath">{escape_html(filename)}</span>'
-            )
+            extras.append(render_filepath_span(filename))
 
     if is_lazy_adata(adata):
         lazy_info = get_lazy_backing_info(adata)
         lazy_format = lazy_info.get("format", "")
         if lazy_format:
-            parts.append(render_badge(f"Lazy ({lazy_format})", CSS_BADGE_LAZY))
+            extras.append(render_badge(f"Lazy ({lazy_format})", CSS_BADGE_LAZY))
         else:
-            parts.append(render_badge("Lazy", CSS_BADGE_LAZY))
-        # Show file path for lazy AnnData (similar to backed)
+            extras.append(render_badge("Lazy", CSS_BADGE_LAZY))
         lazy_filename = lazy_info.get("filename", "")
         if lazy_filename:
             path_style = (
                 "font-family:ui-monospace,monospace;font-size:11px;"
                 "color:var(--anndata-text-secondary, #6c757d);"
             )
-            parts.append(
-                f'<span class="anndata-header__filepath" style="{path_style}">'
-                f"{escape_html(lazy_filename)}"
-                f"</span>"
-            )
+            extras.append(render_filepath_span(lazy_filename, path_style))
 
-    # Check for extension type (not standard AnnData)
     if type_name != "AnnData":
-        parts.append(render_badge(type_name, CSS_BADGE_EXTENSION))
-
-    # README icon if uns["README"] exists with a string
-    readme_content = adata.uns.get("README") if hasattr(adata, "uns") else None
-    if isinstance(readme_content, str) and readme_content.strip():
-        # Check max README size setting (0 means no limit)
-        max_readme_size = get_setting(
-            "repr_html_max_readme_size", default=DEFAULT_MAX_README_SIZE
-        )
-        original_len = len(readme_content)
-        if max_readme_size > 0 and original_len > max_readme_size:
-            # Truncate and add note
-            readme_content = readme_content[:max_readme_size]
-            truncation_note = (
-                f"\n\n---\n*README truncated: showing {max_readme_size:,} of "
-                f"{original_len:,} characters*"
-            )
-            readme_content += truncation_note
-
-        escaped_readme = escape_html(readme_content)
-        # Truncate for no-JS tooltip (first 500 chars)
-        tooltip_text = readme_content[:TOOLTIP_TRUNCATE_LENGTH]
-        if len(readme_content) > TOOLTIP_TRUNCATE_LENGTH:
-            tooltip_text += "..."
-        escaped_tooltip = escape_html(tooltip_text)
-
-        parts.append(
-            f'<span class="anndata-readme__icon" '
-            f'data-readme="{escaped_readme}" '
-            f'title="{escaped_tooltip}" '
-            f'role="button" tabindex="0" aria-label="View README">'
-            f"ⓘ"
-            f"</span>"
+        extras.append(render_badge(type_name, CSS_BADGE_EXTENSION))
+
+    readme_icon = _build_readme_icon(adata)
+    if readme_icon is not None:
+        extras.append(readme_icon)
+
+    search_box = render_search_box(container_id) if show_search else None
+
+    return Markup(
+        get_env()
+        .get_template("header.j2")
+        .render(
+            type_name=type_name,
+            shape_str=shape_str,
+            extras=extras,
+            search_box=search_box,
         )
-
-    # Search box on the right (spacer pushes it right) - use render_search_box() helper
-    if show_search:
-        parts.append('<span class="anndata-spacer"></span>')
-        parts.append(render_search_box(container_id))
-
-    parts.append("</div>")
-    return "\n".join(parts)
+    )
 
 
-def _render_footer(adata: AnnData) -> str:
+def _render_footer(adata: AnnData) -> Markup:
     """Render the footer with version and memory info."""
-    parts = ['<div class="anndata-footer">']
-
-    # Version
-    version = get_anndata_version()
-    parts.append(f"<span>anndata v{version}</span>")
-
-    # Memory usage
     try:
-        mem_bytes = adata.__sizeof__()
-        mem_str = format_memory_size(mem_bytes)
-        parts.append(f'<span title="Estimated memory usage">~{mem_str}</span>')
+        memory_str: str | None = format_memory_size(adata.__sizeof__())
     except Exception:  # noqa: BLE001
-        # Broad catch: __sizeof__ recursively calls into user data which could raise anything
-        pass
+        # __sizeof__ recurses into user data which can raise anything
+        memory_str = None
 
-    parts.append("</div>")
-    return "\n".join(parts)
+    return Markup(
+        get_env()
+        .get_template("footer.j2")
+        .render(version=get_anndata_version(), memory_str=memory_str)
+    )
 
 
-def _render_index_preview(adata: AnnData) -> str:
+def _render_index_preview(adata: AnnData) -> Markup:
     """Render preview of obs_names and var_names."""
-    parts = ['<div class="anndata-header__index">']
-
-    # obs_names preview
-    obs_preview = format_index_preview(adata.obs_names, DEFAULT_PREVIEW_ITEMS)
-    parts.append(f"<div><strong>obs_names:</strong> {obs_preview}</div>")
+    return Markup(
+        get_env()
+        .get_template("index_preview.j2")
+        .render(
+            obs_preview=format_index_preview(adata.obs_names, DEFAULT_PREVIEW_ITEMS),
+            var_preview=format_index_preview(adata.var_names, DEFAULT_PREVIEW_ITEMS),
+        )
+    )
 
-    # var_names preview
-    var_preview = format_index_preview(adata.var_names, DEFAULT_PREVIEW_ITEMS)
-    parts.append(f"<div><strong>var_names:</strong> {var_preview}</div>")
 
-    parts.append("</div>")
-    return "\n".join(parts)
+def _render_hints() -> Markup:
+    """Render the static no-CSS / no-JS hint block."""
+    return Markup(get_env().get_template("hints.j2").render())
 
 
-def _render_max_depth_indicator(adata: AnnData) -> str:
+def _render_max_depth_indicator(adata: AnnData) -> Markup:
     """Render indicator when max depth is reached."""
     n_obs = getattr(adata, "n_obs", "?")
     n_vars = getattr(adata, "n_vars", "?")
-    return f'<div class="anndata-depth-limit">AnnData ({format_number(n_obs)} × {format_number(n_vars)}) - max depth reached</div>'
+    return Markup(
+        get_env()
+        .get_template("max_depth_indicator.j2")
+        .render(n_obs_str=format_number(n_obs), n_vars_str=format_number(n_vars))
+    )
diff --git a/src/anndata/_repr/registry.py b/src/anndata/_repr/registry.py
index c09a7cb04..37f3f070a 100644
--- a/src/anndata/_repr/registry.py
+++ b/src/anndata/_repr/registry.py
@@ -9,9 +9,15 @@
 
 Usage for extending to new types:
 
+    from markupsafe import Markup
+
     from anndata._repr import register_formatter, TypeFormatter, FormattedOutput
 
-    # Format by Python type (e.g., custom array in obsm)
+    # Format by Python type (e.g., custom array in obsm).
+    # Three ways to populate the preview column:
+    #   - preview=<str>                                 — plain text, autoescaped
+    #   - preview_markup=Markup('<tag>{}</tag>').format(value) — custom HTML
+    #   - preview_markup=Markup(obj._repr_html_())      — reuse trusted HTML
     @register_formatter
     class MyArrayFormatter(TypeFormatter):
         def can_format(self, obj, context):
@@ -21,11 +27,12 @@ def format(self, obj, context):
             return FormattedOutput(
                 type_name=f"MyArray {obj.shape}",
                 css_class="anndata-dtype--myarray",
-                # preview_html for rightmost column (data preview, counts, etc.)
-                preview_html=f'<span class="anndata-text--muted">({obj.n_items} items)</span>',
+                preview_markup=Markup(
+                    '<span class="mypackage-summary">{} items</span>'
+                ).format(obj.n_items),
             )
 
-    # Format by embedded type hint (e.g., tagged data in uns)
+    # Format by embedded type hint (e.g., tagged data in uns).
     from anndata._repr import extract_uns_type_hint
 
     @register_formatter
@@ -40,8 +47,16 @@ def format(self, obj, context):
             hint, data = extract_uns_type_hint(obj)
             return FormattedOutput(
                 type_name="config",
-                preview_html='<span>Custom config preview</span>',
+                preview_markup=Markup(
+                    '<span class="anndata-text--muted">{}</span>'
+                ).format(data.get("name", "(unnamed)")),
             )
+
+Never build HTML via ``Markup(f'...{value}...')`` — the f-string interpolates
+``value`` before ``Markup`` sees it, bypassing autoescape. Use
+``Markup('<tag>{}</tag>').format(value)`` instead (standard MarkupSafe idiom),
+or invoke a macro via ``get_macros()`` which also scrubs NUL bytes via the
+template engine's finalize hook.
 """
 
 from __future__ import annotations
@@ -50,14 +65,16 @@ def format(self, obj, context):
 from dataclasses import dataclass, field, replace
 from typing import TYPE_CHECKING
 
+from markupsafe import Markup
+
+from .environment import get_macros
+
 if TYPE_CHECKING:
     from typing import TypeGuard
 
 from .._repr_constants import (
     CSS_DTYPE_EXTENSION,
     CSS_DTYPE_UNKNOWN,
-    CSS_TEXT_ERROR,
-    CSS_TEXT_WARNING,
     DEFAULT_FOLD_THRESHOLD,
     DEFAULT_MAX_CATEGORIES,
     DEFAULT_MAX_DEPTH,
@@ -66,7 +83,7 @@ def format(self, obj, context):
     DEFAULT_MAX_STRING_LENGTH,
     DEFAULT_UNIQUE_LIMIT,
 )
-from .utils import escape_html, validate_key
+from .utils import validate_key
 
 
 @dataclass
@@ -78,33 +95,36 @@ class FormattedOutput:
         ┌─────────────┬────────────────────────────┬─────────────────┐
         │ Name        │ Type                       │ Preview         │
         ├─────────────┼────────────────────────────┼─────────────────┤
-        │ (from key)  │ type_html or type_name     │ preview_html or │
+        │ (from key)  │ type_markup or type_name     │ preview_markup or │
         │             │ + warnings + [Expand ▼]    │ preview (text)  │
         └─────────────┴────────────────────────────┴─────────────────┘
-                               │ (if expanded_html provided and clicked)
+                               │ (if expanded_markup provided and clicked)
                                ▼
                   ┌─────────────────────────────────────────────────┐
-                  │ expanded_html content (collapsible row)         │
+                  │ expanded_markup content (collapsible row)       │
                   └─────────────────────────────────────────────────┘
 
     Field precedence rules
     ----------------------
     Some fields have precedence relationships when multiple are provided:
 
-    **Type column** (``type_name`` vs ``type_html``):
+    **Type column** (``type_name`` vs ``type_markup``):
         - ``type_name`` is always required and used for search/filter (data-dtype)
-        - If ``type_html`` is provided, it replaces the visual display
+        - If ``type_markup`` is provided, it replaces the visual display
         - ``type_name`` is still used for the data-dtype attribute regardless
 
-    **Preview column** (``preview`` vs ``preview_html``):
-        - If ``preview_html`` is provided, it is used (raw HTML)
+    **Preview column** (``preview`` vs ``preview_markup``):
+        - If ``preview_markup`` is provided, it is used (raw HTML)
         - Otherwise, ``preview`` is used as plain text (auto-escaped)
         - A warning is logged if both are provided
 
     Field naming convention
     -----------------------
-    - ``*_html`` fields contain raw HTML (caller responsible for escaping)
-    - Other string fields are plain text (auto-escaped when rendered)
+    - ``*_markup`` fields carry trusted HTML as ``markupsafe.Markup``
+      (caller responsible for escaping at the boundary); they pass through
+      Jinja autoescape verbatim.
+    - Plain string fields (``type_name``, ``preview``, ``tooltip``, etc.)
+      are autoescaped when rendered.
 
     Available CSS classes
     ---------------------
@@ -129,9 +149,10 @@ class FormattedOutput:
     Always used for data-dtype attribute (search/filter). Auto-escaped.
     Defaults to 'unknown' for resilience when type extraction fails."""
 
-    type_html: str | None = None
-    """Optional. Raw HTML to render in type column instead of type_name.
-    If provided, replaces the visual rendering but type_name still used for data-dtype."""
+    type_markup: Markup | None = None
+    """Optional. Trusted HTML (``markupsafe.Markup``) to render in the type
+    column instead of ``type_name``. If provided, replaces the visual
+    rendering but ``type_name`` is still used for the ``data-dtype`` attribute."""
 
     css_class: str = CSS_DTYPE_UNKNOWN
     """CSS class for styling the type column."""
@@ -144,15 +165,17 @@ class FormattedOutput:
 
     preview: str | None = None
     """Optional. Plain text for preview column (rightmost). Auto-escaped.
-    Mutually exclusive with preview_html."""
+    Mutually exclusive with preview_markup."""
 
-    preview_html: str | None = None
-    """Optional. Raw HTML for preview column (e.g., category pills with colors).
-    Takes precedence over preview if both provided (with warning)."""
+    preview_markup: Markup | None = None
+    """Optional. Trusted HTML (``markupsafe.Markup``) for the preview column
+    (e.g., category pills with colors). Takes precedence over ``preview`` if
+    both provided (with warning)."""
 
-    expanded_html: str | None = None
-    """Optional. Raw HTML for expandable content shown in collapsible row below.
-    If provided, an 'Expand ▼' button is added to the type column."""
+    expanded_markup: Markup | None = None
+    """Optional. Trusted HTML (``markupsafe.Markup``) for expandable content
+    shown in the collapsible row below. If provided, an 'Expand ▼' button is
+    added to the type column."""
 
     is_serializable: bool = True
     """Whether this type can be serialized to H5AD/Zarr."""
@@ -161,7 +184,7 @@ class FormattedOutput:
     """Hard error message. If set, row is highlighted red and error shown in preview.
 
     **Precedence**: If ``error`` is set, it takes precedence over ``preview`` and
-    ``preview_html`` - the error message is displayed instead of any preview content.
+    ``preview_markup`` - the error message is displayed instead of any preview content.
 
     Used for: formatter failures, key validation errors, property access failures.
     Ecosystem packages can set this explicitly or just raise (caught by registry)."""
@@ -597,9 +620,9 @@ def format(  # noqa: PLR0912, PLR0915
         except Exception:  # noqa: BLE001
             pass
 
-        # === Build preview_html for errors ===
+        # === Build preview_markup for errors ===
         # SECURITY: All text must be HTML-escaped to prevent XSS
-        preview_html = None
+        preview_markup = None
         warnings: list[str] = []
 
         # Add serialization reason to warnings if not serializable
@@ -608,10 +631,11 @@ def format(  # noqa: PLR0912, PLR0915
 
         if all_errors:
             try:
-                error_text = escape_html(", ".join(all_errors))
-                preview_html = f'<span class="{CSS_TEXT_ERROR}">{error_text}</span>'
+                preview_markup = Markup(
+                    get_macros().error_preview(", ".join(all_errors))
+                )
             except Exception:  # noqa: BLE001
-                preview_html = f'<span class="{CSS_TEXT_ERROR}">Error</span>'
+                preview_markup = Markup(get_macros().error_preview("Error"))
         else:
             # No errors - check if unknown type warning needed
             try:
@@ -623,9 +647,8 @@ def format(  # noqa: PLR0912, PLR0915
                 ))
                 if not is_extension:
                     warnings.append(f"Unknown type: {full_name}")
-                    warning_text = escape_html(f"Unknown type: {full_name}")
-                    preview_html = (
-                        f'<span class="{CSS_TEXT_WARNING}">{warning_text}</span>'
+                    preview_markup = Markup(
+                        get_macros().warning_preview(f"Unknown type: {full_name}")
                     )
             except Exception:  # noqa: BLE001
                 pass
@@ -656,7 +679,7 @@ def format(  # noqa: PLR0912, PLR0915
             css_class=css_class,
             tooltip=tooltip,
             warnings=warnings,
-            preview_html=preview_html,
+            preview_markup=preview_markup,
             is_serializable=is_serial,
             error=error,
         )
@@ -955,6 +978,8 @@ def extract_uns_type_hint(value: object) -> tuple[str | None, object]:
 
     1. In your package (e.g., mypackage/__init__.py), register a TypeFormatter::
 
+        from markupsafe import Markup
+
         from anndata._repr import (
             register_formatter,
             TypeFormatter,
@@ -974,10 +999,12 @@ def can_format(self, obj, context):
 
             def format(self, obj, context):
                 hint, data = extract_uns_type_hint(obj)
-                # Render your custom visualization
                 return FormattedOutput(
                     type_name="mytype",
-                    preview_html="<span>Custom rendering</span>",
+                    # ``Markup.format`` autoescapes each non-``Markup`` arg.
+                    preview_markup=Markup(
+                        '<span class="mypackage-badge">{}</span>'
+                    ).format(data.get("label", "untitled")),
                 )
 
     2. When the user imports your package, the formatter is registered
diff --git a/src/anndata/_repr/sections.py b/src/anndata/_repr/sections.py
index 866c2d9e1..4ef5c0210 100644
--- a/src/anndata/_repr/sections.py
+++ b/src/anndata/_repr/sections.py
@@ -26,6 +26,8 @@
 from dataclasses import replace
 from typing import TYPE_CHECKING
 
+from markupsafe import Markup
+
 from .._repr_constants import (
     CSS_DTYPE_ANNDATA,
     CSS_DTYPE_UNKNOWN,
@@ -53,13 +55,14 @@
     render_truncation_indicator,
     render_x_entry,
 )
+from .environment import get_env, get_macros
 from .registry import (
     FormattedEntry,
+    FormattedOutput,
     extract_uns_type_hint,
     formatter_registry,
 )
 from .utils import (
-    escape_html,
     format_index_preview,
     format_number,
 )
@@ -69,16 +72,16 @@
 
     from anndata import AnnData
 
-    from .registry import FormattedOutput, FormatterContext
+    from .registry import FormatterContext
 
 
 def _render_entry_row(
     key: str,
     output: FormattedOutput,
     *,
-    append_type_html: bool = False,
+    append_type_markup: bool = False,
     preview_note: str | None = None,
-) -> str:
+) -> Markup:
     """Render an entry row for DataFrame, mapping, or uns sections.
 
     Key validation is handled by FormatterRegistry.format_value() via context.key,
@@ -90,8 +93,8 @@ def _render_entry_row(
         Entry key/name to display
     output
         FormattedOutput from a TypeFormatter (already includes key validation)
-    append_type_html
-        If True, append type_html below type_name (for mapping entries)
+    append_type_markup
+        If True, append type_markup below type_name (for mapping entries)
     preview_note
         Optional note to prepend to preview (for type hints in uns)
 
@@ -102,7 +105,7 @@ def _render_entry_row(
     entry = FormattedEntry(key=key, output=output)
     return render_formatted_entry(
         entry,
-        append_type_html=append_type_html,
+        append_type_markup=append_type_markup,
         preview_note=preview_note,
     )
 
@@ -116,7 +119,7 @@ def _render_dataframe_section(
     section: str,
     df: pd.DataFrame,
     context: FormatterContext,
-) -> str:
+) -> Markup:
     """Render obs or var section."""
     n_cols = len(df.columns)
 
@@ -143,7 +146,7 @@ def _render_dataframe_section(
 
     return render_section(
         section,
-        "\n".join(rows),
+        Markup("\n").join(rows),
         n_items=n_cols,
         doc_url=doc_url,
         tooltip=tooltip,
@@ -161,10 +164,10 @@ def _render_mapping_section(
     section: str,
     mapping: object,
     context: FormatterContext,
-) -> str:
+) -> Markup:
     """Render obsm, varm, layers, obsp, varp sections."""
     if mapping is None:
-        return ""
+        return Markup("")
 
     # Get count without creating full list (O(1) for most mappings)
     n_items = len(mapping)
@@ -188,11 +191,11 @@ def _render_mapping_section(
         value = mapping[key]
         key_context = replace(section_context, key=key)
         output = formatter_registry.format_value(value, key_context)
-        rows.append(_render_entry_row(key, output, append_type_html=True))
+        rows.append(_render_entry_row(key, output, append_type_markup=True))
 
     return render_section(
         section,
-        "\n".join(rows),
+        Markup("\n").join(rows),
         n_items=n_items,
         doc_url=doc_url,
         tooltip=tooltip,
@@ -208,7 +211,7 @@ def _render_mapping_section(
 def _render_uns_section(
     uns: object,
     context: FormatterContext,
-) -> str:
+) -> Markup:
     """Render the uns section with special handling."""
     # Get count without creating full list (O(1) for dict)
     n_items = len(uns)
@@ -231,7 +234,7 @@ def _render_uns_section(
 
     return render_section(
         "uns",
-        "\n".join(rows),
+        Markup("\n").join(rows),
         n_items=n_items,
         doc_url=doc_url,
         tooltip=tooltip,
@@ -243,7 +246,7 @@ def _render_uns_entry(
     key: str,
     value: object,
     context: FormatterContext,
-) -> str:
+) -> Markup:
     """Render a single uns entry with special type handling.
 
     Rendering priority:
@@ -257,8 +260,8 @@ def _render_uns_entry(
     # 1. Try formatter first - handles type hints, color lists, AnnData
     output = formatter_registry.format_value(value, key_context)
 
-    # If a custom formatter produced preview_html, use it directly
-    if output.preview_html:
+    # If a custom formatter produced preview_markup, use it directly
+    if output.preview_markup:
         return _render_entry_row(key, output)
 
     # 2. Check for unhandled type hint (basic formatter matched, not custom)
@@ -325,59 +328,43 @@ def _detect_unknown_sections(adata: AnnData) -> list[tuple[str, str]]:
     return unknown
 
 
-def _render_unknown_sections(unknown_sections: list[tuple[str, str]]) -> str:
+def _render_unknown_sections(unknown_sections: list[tuple[str, str]]) -> Markup:
     """Render a section showing unknown/unrecognized attributes."""
-    parts = [
-        '<details class="anndata-section anndata-sec-unknown" data-section="unknown">'
-    ]
-    parts.append("<summary>")
-    parts.append('<span class="anndata-section__name">other</span>')
-    parts.append(
-        f'<span class="anndata-section__count">({len(unknown_sections)})</span>'
-    )
-    parts.append("</summary>")
-
-    parts.append('<div class="anndata-section__content">')
-    parts.append('<div class="anndata-section__entries">')
-
-    for attr_name, type_desc in unknown_sections:
-        parts.append(render_entry_row_open(attr_name, type_desc))
-        parts.append(render_name_cell(attr_name))
-        parts.append('<span class="anndata-entry__type">')
-        parts.append(
-            f'<span class="{CSS_DTYPE_UNKNOWN}" title="Unrecognized attribute">'
-            f"{escape_html(type_desc)}</span>"
+    rows: list[Markup] = [
+        render_formatted_entry(
+            FormattedEntry(
+                key=attr_name,
+                output=FormattedOutput(
+                    type_name=type_desc,
+                    css_class=CSS_DTYPE_UNKNOWN,
+                    tooltip="Unrecognized attribute",
+                ),
+            )
         )
-        parts.append("</span>")
-        parts.append('<span class="anndata-entry__preview"></span>')
-        parts.append("</div>")
-
-    parts.append("</div>")
-    parts.append("</div>")
-    parts.append("</details>")
+        for attr_name, type_desc in unknown_sections
+    ]
 
-    return "\n".join(parts)
+    n = len(unknown_sections)
+    return render_section(
+        "other",
+        Markup("\n").join(rows),
+        n_items=n,
+        section_id="unknown",
+        count_str=f"({n})",
+        extra_classes="anndata-sec-unknown",
+    )
 
 
-def _render_error_entry(section: str, error: str) -> str:
+def _render_error_entry(section: str, error: str) -> Markup:
     """Render an error indicator for a section that failed to render."""
     error_str = str(error)
     if len(error_str) > ERROR_TRUNCATE_LENGTH:
         error_str = error_str[:ERROR_TRUNCATE_LENGTH] + "..."
-    error_escaped = escape_html(error_str)
-    return f"""
-<details class="anndata-section anndata-sec-error" data-section="{escape_html(section)}" open>
-    <summary>
-        <span class="anndata-section__name">{escape_html(section)}</span>
-        <span class="anndata-section__count anndata-badge--error">(error)</span>
-    </summary>
-    <div class="anndata-section__content">
-        <div class="anndata-entry--error">
-            Failed to render: {error_escaped}
-        </div>
-    </div>
-</details>
-"""
+    return Markup(
+        get_env()
+        .get_template("error_entry.j2")
+        .render(section=section, error=error_str)
+    )
 
 
 # -----------------------------------------------------------------------------
@@ -437,7 +424,7 @@ def _get_raw_meta_parts(raw: object) -> list[str]:
 def _render_raw_section(
     raw: object,
     context: FormatterContext,
-) -> str:
+) -> Markup:
     """Render the raw section as a single expandable row.
 
     The raw section shows unprocessed data that was saved before filtering/normalization.
@@ -452,7 +439,7 @@ def _render_raw_section(
     The depth parameter prevents infinite recursion.
     """
     if raw is None:
-        return ""
+        return Markup("")
 
     # Safely get dimensions with fallbacks
     n_obs = _safe_get_attr(raw, "n_obs", "?")
@@ -465,41 +452,45 @@ def _render_raw_section(
     meta_parts = _get_raw_meta_parts(raw)
     meta_text = ", ".join(meta_parts) if meta_parts else ""
 
-    # Single row container (like a minimal section with just one entry)
-    parts = ['<div class="anndata-sec anndata-sec-raw" data-section="raw">']
-    parts.append('<div class="anndata-section__entries">')
-
     # Single row with raw info
     type_str = f"{format_number(n_obs)} obs × {format_number(n_vars)} var"
-    parts.append(render_entry_row_open("raw", "Raw", has_expandable_content=can_expand))
-    parts.append(render_name_cell("raw"))
-    type_cell_config = TypeCellConfig(
-        type_name=type_str,
-        css_class=CSS_DTYPE_ANNDATA,
-    )
-    parts.append(render_entry_type_cell(type_cell_config))
-    parts.append(render_entry_preview_cell(preview_text=meta_text))
-
-    # Nested content (entry is <details>/<summary> when can_expand)
+    row_parts: list[Markup] = [
+        render_entry_row_open("raw", "Raw", has_expandable_content=can_expand),
+        render_name_cell("raw"),
+        render_entry_type_cell(
+            TypeCellConfig(type_name=type_str, css_class=CSS_DTYPE_ANNDATA)
+        ),
+        render_entry_preview_cell(preview_text=meta_text),
+    ]
     if can_expand:
         nested_html = _generate_raw_repr_html(raw, context.child("raw"))
-        # Wrap in anndata-entry__nested-anndata for specific styling
-        wrapped_html = f'<div class="anndata-entry__nested-anndata">{nested_html}</div>'
-        parts.append(render_nested_content(wrapped_html))
-        parts.append("</details>")  # close expandable entry
+        wrapped_html = Markup(get_macros().nested_anndata_wrapper(nested_html))
+        row_parts.append(render_nested_content(wrapped_html))
+        row_parts.append(Markup("</details>"))
     else:
-        parts.append("</div>")  # close plain entry
+        row_parts.append(Markup("</div>"))
+
+    entry_markup = Markup("\n").join(row_parts)
+    return Markup(
+        get_env().get_template("raw_section.j2").render(entry_markup=entry_markup)
+    )
 
-    parts.append("</div>")  # close entries grid
-    parts.append("</div>")  # close section
 
-    return "\n".join(parts)
+def _safe_index_preview(raw: object, attr: str) -> Markup | None:
+    """Read ``raw.<attr>`` and return its format_index_preview Markup, or None."""
+    try:
+        names = getattr(raw, attr, None)
+    except Exception:  # noqa: BLE001
+        return None
+    if names is None:
+        return None
+    return format_index_preview(names)
 
 
 def _generate_raw_repr_html(
     raw,
     context: FormatterContext,
-) -> str:
+) -> Markup:
     """Generate HTML repr for a Raw object.
 
     This renders X, var, and varm sections similar to AnnData,
@@ -512,75 +503,39 @@ def _generate_raw_repr_html(
     context
         FormatterContext with depth, max_depth, fold_threshold, max_items
     """
-    # Safely get dimensions
     n_obs = _safe_get_attr(raw, "n_obs", "?")
     n_vars = _safe_get_attr(raw, "n_vars", "?")
-
-    parts = []
-
-    # Container with header showing Raw shape
-    container_id = f"raw-repr-{id(raw)}"
-    parts.append(f'<div class="anndata-repr" id="{container_id}">')
-
-    # Header for Raw - same structure as AnnData header
-    parts.append('<div class="anndata-header">')
-    parts.append('<span class="anndata-header__type">Raw</span>')
     shape_str = f"{format_number(n_obs)} obs × {format_number(n_vars)} var"
-    parts.append(f'<span class="anndata-header__shape">{shape_str}</span>')
-    parts.append("</div>")
 
-    # Index preview (obs_names and var_names)
-    parts.append('<div class="anndata-header__index">')
-    try:
-        obs_names = getattr(raw, "obs_names", None)
-        if obs_names is not None:
-            parts.append(
-                f"<div><strong>obs_names:</strong> {format_index_preview(obs_names)}</div>"
-            )
-        else:
-            parts.append(
-                "<div><strong>obs_names:</strong> <em>not available</em></div>"
-            )
-    except Exception:  # noqa: BLE001
-        parts.append("<div><strong>obs_names:</strong> <em>not available</em></div>")
-    try:
-        var_names = getattr(raw, "var_names", None)
-        if var_names is not None:
-            parts.append(
-                f"<div><strong>var_names:</strong> {format_index_preview(var_names)}</div>"
-            )
-        else:
-            parts.append(
-                "<div><strong>var_names:</strong> <em>not available</em></div>"
-            )
-    except Exception:  # noqa: BLE001
-        parts.append("<div><strong>var_names:</strong> <em>not available</em></div>")
-    parts.append("</div>")
-
-    # X section - show matrix info (with error handling)
+    sections: list[Markup] = []
     try:
         if hasattr(raw, "X") and raw.X is not None:
-            parts.append(render_x_entry(raw, context))
+            sections.append(render_x_entry(raw, context))
     except Exception as e:  # noqa: BLE001
-        parts.append(_render_error_entry("X", str(e)))
+        sections.append(_render_error_entry("X", str(e)))
 
-    # var section (like AnnData's var)
     try:
         if hasattr(raw, "var") and raw.var is not None and len(raw.var.columns) > 0:
-            # Raw doesn't have the same structure as AnnData, so clear adata_ref
             var_context = replace(context, adata_ref=None, section="var")
-            parts.append(_render_dataframe_section("var", raw.var, var_context))
+            sections.append(_render_dataframe_section("var", raw.var, var_context))
     except Exception as e:  # noqa: BLE001
-        parts.append(_render_error_entry("var", str(e)))
+        sections.append(_render_error_entry("var", str(e)))
 
-    # varm section (like AnnData's varm)
     try:
         if hasattr(raw, "varm") and raw.varm is not None and len(raw.varm) > 0:
             varm_context = replace(context, adata_ref=None, section="varm")
-            parts.append(_render_mapping_section("varm", raw.varm, varm_context))
+            sections.append(_render_mapping_section("varm", raw.varm, varm_context))
     except Exception as e:  # noqa: BLE001
-        parts.append(_render_error_entry("varm", str(e)))
-
-    parts.append("</div>")
-
-    return "\n".join(parts)
+        sections.append(_render_error_entry("varm", str(e)))
+
+    return Markup(
+        get_env()
+        .get_template("raw_repr.j2")
+        .render(
+            container_id=f"raw-repr-{id(raw)}",
+            shape_str=shape_str,
+            obs_preview=_safe_index_preview(raw, "obs_names"),
+            var_preview=_safe_index_preview(raw, "var_names"),
+            sections=sections,
+        )
+    )
diff --git a/src/anndata/_repr/templates/_macros.j2 b/src/anndata/_repr/templates/_macros.j2
new file mode 100644
index 000000000..e20cee86e
--- /dev/null
+++ b/src/anndata/_repr/templates/_macros.j2
@@ -0,0 +1,213 @@
+{# Reusable small HTML components used by templates and as the single source of
+   truth for cell-level HTML (mirrored by thin Python wrappers in
+   _repr/components.py and _repr/core.py).
+
+   Trust contract (see environment.py):
+   - plain str args are autoescaped by Jinja inside `{{ … }}`
+   - Markup args pass through verbatim
+   - Globals CSS_TEXT_MUTED, NOT_SERIALIZABLE_MSG, STYLE_HIDDEN come from the
+     Environment.globals; do not hardcode their string values.
+#}
+
+{%- macro badge(text, variant='', tooltip='') -%}
+{%- if variant -%}
+<span class="anndata-badge {{ variant }}"{% if tooltip %} title="{{ tooltip }}"{% endif %}>{{ text }}</span>
+{%- else -%}
+<span class="anndata-badge"{% if tooltip %} title="{{ tooltip }}"{% endif %}>{{ text }}</span>
+{%- endif -%}
+{%- endmacro -%}
+
+{%- macro copy_button(text, tooltip='Copy') -%}
+<button class="anndata-entry__copy" style="{{ STYLE_HIDDEN }}" data-copy="{{ text }}" title="{{ tooltip }}" aria-label="{{ tooltip }}"></button>
+{%- endmacro -%}
+
+{%- macro muted_span(text) -%}
+<span class="{{ CSS_TEXT_MUTED }}">{{ text }}</span>
+{%- endmacro -%}
+
+{%- macro warning_icon(warnings, is_not_serializable=false) -%}
+{%- if warnings or is_not_serializable -%}
+{%- if is_not_serializable and warnings -%}
+{%- set title = NOT_SERIALIZABLE_MSG ~ ': ' ~ warnings | join('; ') -%}
+{%- elif is_not_serializable -%}
+{%- set title = NOT_SERIALIZABLE_MSG -%}
+{%- else -%}
+{%- set title = warnings | join('; ') -%}
+{%- endif -%}
+<span class="anndata-entry__warning" title="{{ title }}">(!)</span>
+{%- endif -%}
+{%- endmacro -%}
+
+{%- macro wrap_button(css_class) -%}
+<button class="{{ css_class }}" style="display:none" title="Expand to multi-line view">▼</button>
+{%- endmacro -%}
+
+{# File-path span: <span class="anndata-header__filepath">{path}</span> with
+   optional inline style. Used in the header next to backed/lazy badges. #}
+{%- macro filepath_span(path, style='') -%}
+{%- if style -%}
+<span class="anndata-header__filepath" style="{{ style }}">{{ path }}</span>
+{%- else -%}
+<span class="anndata-header__filepath">{{ path }}</span>
+{%- endif -%}
+{%- endmacro -%}
+
+{# Name cell: first column of an entry row. Shows the key with a copy button. #}
+{%- macro name_cell(entry_key) -%}
+<span class="anndata-entry__name" style="display:inline-block;min-width:var(--anndata-name-col-width,100px);vertical-align:top"><span class="anndata-entry__name-inner"><span class="anndata-entry__name-text" title="{{ entry_key }}">{{ entry_key }}</span>{{ copy_button(entry_key, 'Copy name') }}</span></span>
+{%- endmacro -%}
+
+{# Type cell: second column of an entry row. Combines type label, warnings,
+   optional wrap buttons, and optional custom type_markup (either as replacement
+   or appended below the label when append_type_markup=True). #}
+{%- macro type_cell(type_name, css_class, type_markup=None, tooltip='', all_warnings=None, is_not_serializable=false, has_columns_list=false, has_categories_list=false, append_type_markup=false) -%}
+<span class="anndata-entry__type" style="display:inline-block;min-width:var(--anndata-type-col-width,180px);vertical-align:top">
+{%- if type_markup and not append_type_markup -%}
+{{ type_markup }}
+{%- elif tooltip -%}
+<span class="{{ css_class }}" title="{{ tooltip }}">{{ type_name }}</span>
+{%- else -%}
+<span class="{{ css_class }}">{{ type_name }}</span>
+{%- endif -%}
+{{ warning_icon(all_warnings or [], is_not_serializable) }}
+{%- if has_columns_list %}{{ wrap_button('anndata-columns__wrap') }}{% endif -%}
+{%- if has_categories_list %}{{ wrap_button('anndata-categories__wrap') }}{% endif -%}
+{%- if type_markup and append_type_markup -%}
+<span class="anndata-entry__custom">{{ type_markup }}</span>
+{%- endif -%}
+</span>
+{%- endmacro -%}
+
+{# Preview cell: third column of an entry row. Either trusted Markup or muted
+   plain text. #}
+{%- macro preview_cell(preview_markup=None, preview_text=None) -%}
+<span class="anndata-entry__preview" style="display:inline-block;vertical-align:top">
+{%- if preview_markup -%}
+{{ preview_markup }}
+{%- elif preview_text -%}
+{{ muted_span(preview_text) }}
+{%- endif -%}
+</span>
+{%- endmacro -%}
+
+{# Row open: renders the opening element(s) for an entry row. Caller builds
+   css_class (space-separated). When has_expandable_content is true, emits
+   <details><summary>; otherwise a plain <div>. #}
+{%- macro row_open(key, dtype, css_class, has_expandable_content=false) -%}
+{%- if has_expandable_content -%}
+<details class="{{ css_class }}" data-key="{{ key }}" data-dtype="{{ dtype }}"><summary class="anndata-entry__summary">
+{%- else -%}
+<div class="{{ css_class }}" data-key="{{ key }}" data-dtype="{{ dtype }}">
+{%- endif -%}
+{%- endmacro -%}
+
+{# Nested content: closes the <summary> of an expandable entry and wraps the
+   nested HTML body. Caller is responsible for the closing </details>. #}
+{%- macro nested_content(html_content) -%}
+</summary><div class="anndata-entry__nested-content" style="margin-left:1.5em"><div class="anndata-entry__expanded">{{ html_content }}</div></div>
+{%- endmacro -%}
+
+{# Truncation indicator: "... and N more" line shown below a truncated section. #}
+{%- macro truncation_indicator(remaining) -%}
+<div class="anndata-section__truncated">... and {{ remaining }} more</div>
+{%- endmacro -%}
+
+{# Category list: comma-separated category swatches with optional color dots
+   and a "...+N" truncation tail.
+
+   `items` is a sequence of (label, safe_color_or_none) pairs; the caller
+   (Python) is responsible for sanitizing colors via sanitize_css_color before
+   passing them in. `total_hidden` is the total number of hidden categories
+   (from both max_cats truncation and lazy n_hidden). #}
+{%- macro category_list(items, total_hidden=0) -%}
+<span class="anndata-categories">
+{%- for label, safe_color in items -%}
+{%- if not loop.first %}<span class="anndata-categories__sep">, </span>{% endif -%}
+<span class="anndata-categories__item">
+{%- if safe_color -%}
+<span class="anndata-categories__dot" style="background:{{ safe_color }};"></span>
+{%- endif -%}
+<span>{{ label }}</span>
+</span>
+{%- endfor -%}
+{%- if total_hidden > 0 -%}
+<span class="{{ CSS_TEXT_MUTED }}">...+{{ total_hidden }}</span>
+{%- endif -%}
+</span>
+{%- endmacro -%}
+
+{# Error preview span: muted-red error message used in the preview column. #}
+{%- macro error_preview(message) -%}
+<span class="{{ CSS_TEXT_ERROR }}">{{ message }}</span>
+{%- endmacro -%}
+
+{# Warning preview span: yellow warning message used in the preview column. #}
+{%- macro warning_preview(message) -%}
+<span class="{{ CSS_TEXT_WARNING }}">{{ message }}</span>
+{%- endmacro -%}
+
+{# Muted error span: an italicised, parenthesised error shown in a muted
+   colour (used for attribute-access / format errors in the X entry and
+   similar compact rows). #}
+{%- macro muted_error_span(error_msg) -%}
+<span class="{{ CSS_TEXT_MUTED }}"><em>({{ error_msg }})</em></span>
+{%- endmacro -%}
+
+{# DataFrame columns preview: "[col1, col2, ...]" list used in obsm/varm for
+   DataFrames. `columns` is a sequence of plain str values; Jinja autoescapes
+   each when rendered inside {{ … }}. #}
+{%- macro columns_preview(columns) -%}
+<span class="anndata-columns">[{{ columns|join(", ") }}]</span>
+{%- endmacro -%}
+
+{# Single color swatch. Caller has already run sanitize_css_color on the
+   supplied `color` and passes `valid=True` when the result was non-None.
+   For invalid colors we render a "?" placeholder with the original label
+   in the tooltip. #}
+{%- macro color_swatch(color, label, valid=true) -%}
+{%- if valid -%}
+<span class="{{ CSS_COLORS_SWATCH }}" style="background:{{ color }}" title="{{ label }}"></span>
+{%- else -%}
+<span class="{{ CSS_COLORS_SWATCH }} {{ CSS_COLORS_SWATCH_INVALID }}" title="Invalid color: '{{ label }}'">?</span>
+{%- endif -%}
+{%- endmacro -%}
+
+{# Color preview wrapper: aggregates already-rendered swatches (Markup) and an
+   optional overflow counter. `swatches` is an iterable of Markup fragments
+   produced by `color_swatch`; they pass through verbatim. #}
+{%- macro color_preview(swatches, overflow_count=0) -%}
+<span class="{{ CSS_COLORS }}">
+{%- for swatch in swatches -%}
+{{ swatch }}
+{%- endfor -%}
+{%- if overflow_count and overflow_count > 0 -%}
+<span class="{{ CSS_TEXT_MUTED }}">+{{ overflow_count }}</span>
+{%- endif -%}
+</span>
+{%- endmacro -%}
+
+{# Wrapper for a nested AnnData repr (the HTML fragment produced by
+   generate_repr_html for a nested object). `inner` is Markup and passes
+   through verbatim. #}
+{%- macro nested_anndata_wrapper(inner) -%}
+<div class="{{ CSS_NESTED_ANNDATA }}">{{ inner }}</div>
+{%- endmacro -%}
+
+{# README info icon span. `content` and `tooltip` are plain str and must be
+   pre-scrubbed of NULs by the caller (Python replaces "\x00" -> "\ufffd"
+   before passing in). Jinja autoescapes the rest. #}
+{%- macro readme_icon(content, tooltip) -%}
+<span class="anndata-readme__icon" data-readme="{{ content }}" title="{{ tooltip }}" role="button" tabindex="0" aria-label="View README">ⓘ</span>
+{%- endmacro -%}
+
+{# Plain <pre> block for fallback rendering when the HTML repr is disabled. #}
+{%- macro pre_fallback(text) -%}
+<pre>{{ text }}</pre>
+{%- endmacro -%}
+
+{# Search box: input + case/regex toggle buttons + filter indicator. The
+   whole box is hidden until JS enables it (STYLE_HIDDEN). `search_id` is a
+   plain str and is autoescaped. #}
+{%- macro search_box(search_id) -%}
+<span class="anndata-search__box" style="{{ STYLE_HIDDEN }}"><input type="text" id="{{ search_id }}" name="{{ search_id }}" class="anndata-search__input" placeholder="Search..." aria-label="Search fields"><span class="anndata-search__toggles"><button type="button" class="anndata-search__toggle anndata-search__toggle--case" title="Match case" aria-label="Match case" aria-pressed="false">Aa</button><button type="button" class="anndata-search__toggle anndata-search__toggle--regex" title="Use regular expression" aria-label="Use regular expression" aria-pressed="false">.*</button></span></span><span class="anndata-search__indicator"></span>
+{%- endmacro -%}
diff --git a/src/anndata/_repr/templates/anndata.j2 b/src/anndata/_repr/templates/anndata.j2
new file mode 100644
index 000000000..058334168
--- /dev/null
+++ b/src/anndata/_repr/templates/anndata.j2
@@ -0,0 +1,16 @@
+{# Outer AnnData repr frame.
+   Pre-rendered fragments (header, sections, footer, css, js) arrive as
+   Markup and pass through verbatim. Scalars (container_id, depth, style)
+   are plain str and autoescaped by the engine.
+#}
+{% if css %}{{ css }}{% endif %}
+<div class="anndata-repr" id="{{ container_id }}" data-depth="{{ depth }}" style="{{ style }}">
+  {% if header %}{{ header }}{% endif %}
+  {% if index_preview %}{{ index_preview }}{% endif %}
+  <div class="anndata-repr__sections">
+    {% for section in sections %}{{ section }}{% endfor %}
+  </div>
+  {% if footer %}{{ footer }}{% endif %}
+  {% if hints %}{{ hints }}{% endif %}
+</div>
+{% if javascript %}{{ javascript }}{% endif %}
diff --git a/src/anndata/_repr/templates/entry.j2 b/src/anndata/_repr/templates/entry.j2
new file mode 100644
index 000000000..d6ffda5e6
--- /dev/null
+++ b/src/anndata/_repr/templates/entry.j2
@@ -0,0 +1,23 @@
+{# Renders one entry row.
+
+   Trust contract:
+   - `entry_key`, `type_name`, `css_class`, `tooltip`, `preview_text` and items in
+     `all_warnings` are plain str and autoescaped inside `{{ … }}`.
+   - `type_markup`, `preview_markup`, `expanded_markup` arrive as Markup (produced by
+     Python formatters) and pass through verbatim.
+#}
+{% from '_macros.j2' import name_cell, nested_content, preview_cell, row_open, type_cell %}
+
+{%- set entry_classes = 'anndata-entry' -%}
+{%- if all_warnings %}{%- set entry_classes = entry_classes ~ ' warning' -%}{%- endif -%}
+{%- if has_error %}{%- set entry_classes = entry_classes ~ ' error' -%}{%- endif -%}
+
+{{ row_open(entry_key, type_name, entry_classes, has_expandable_content) -}}
+{{ name_cell(entry_key) -}}
+{{ type_cell(type_name, css_class, type_markup=type_markup, tooltip=tooltip, all_warnings=all_warnings, is_not_serializable=is_not_serializable, has_columns_list=has_columns_list, has_categories_list=has_categories_list, append_type_markup=append_type_markup) -}}
+{{ preview_cell(preview_markup=preview_markup, preview_text=preview_text) -}}
+{%- if has_expandable_content -%}
+{{ nested_content(expanded_markup) }}</details>
+{%- else -%}
+</div>
+{%- endif -%}
diff --git a/src/anndata/_repr/templates/error_entry.j2 b/src/anndata/_repr/templates/error_entry.j2
new file mode 100644
index 000000000..3eca9d8a6
--- /dev/null
+++ b/src/anndata/_repr/templates/error_entry.j2
@@ -0,0 +1,22 @@
+{# Error-section block used when a whole section failed to render.
+
+   Inputs:
+   - section (str): section name (e.g. "X", "var"). Autoescaped.
+   - error (str): truncated error message (caller handles truncation).
+     Autoescaped.
+
+   Renders a <details class="anndata-section anndata-sec-error" open> frame
+   with a single red error entry. Not a normal section: no entries grid,
+   no doc_url, no tooltip.
+#}
+<details class="anndata-section anndata-sec-error" data-section="{{ section }}" open>
+  <summary>
+    <span class="anndata-section__name">{{ section }}</span>
+    <span class="anndata-section__count anndata-badge--error">(error)</span>
+  </summary>
+  <div class="anndata-section__content">
+    <div class="anndata-entry--error">
+      Failed to render: {{ error }}
+    </div>
+  </div>
+</details>
diff --git a/src/anndata/_repr/templates/footer.j2 b/src/anndata/_repr/templates/footer.j2
new file mode 100644
index 000000000..a9664cb20
--- /dev/null
+++ b/src/anndata/_repr/templates/footer.j2
@@ -0,0 +1,15 @@
+{# AnnData footer block.
+
+   Inputs:
+   - version (str): anndata version string.
+   - memory_str (str | None): human-readable memory size (e.g. "1.2 MB"); omitted
+     when sizeof computation failed.
+
+   Role: produce `<div class="anndata-footer">`.
+#}
+<div class="anndata-footer">
+  <span>anndata v{{ version }}</span>
+  {%- if memory_str is not none %}
+  <span title="Estimated memory usage">~{{ memory_str }}</span>
+  {%- endif %}
+</div>
diff --git a/src/anndata/_repr/templates/header.j2 b/src/anndata/_repr/templates/header.j2
new file mode 100644
index 000000000..f971d791b
--- /dev/null
+++ b/src/anndata/_repr/templates/header.j2
@@ -0,0 +1,25 @@
+{# AnnData header block.
+
+   Inputs:
+   - type_name (str): class name like "AnnData".
+   - shape_str (str): e.g. "10 obs × 5 vars"; pre-formatted, autoescaped.
+   - extras (list[Markup]): pre-rendered badges, filepath spans, readme icon —
+     emitted in the order Python built them (badges and filepath spans are
+     interleaved, so a flat ordered list keeps output identical to the
+     pre-template code path).
+   - search_box (Markup | None): pre-rendered search box (from render_search_box);
+     when present, a spacer span is emitted before it.
+
+   Role: assemble `<div class="anndata-header">…</div>`.
+#}
+<div class="anndata-header">
+  <span class="anndata-header__type">{{ type_name }}</span>
+  <span class="anndata-header__shape">{{ shape_str }}</span>
+  {%- for extra in extras %}
+  {{ extra }}
+  {%- endfor %}
+  {%- if search_box is not none %}
+  <span class="anndata-spacer"></span>
+  {{ search_box }}
+  {%- endif %}
+</div>
diff --git a/src/anndata/_repr/templates/hints.j2 b/src/anndata/_repr/templates/hints.j2
new file mode 100644
index 000000000..14d948cdf
--- /dev/null
+++ b/src/anndata/_repr/templates/hints.j2
@@ -0,0 +1,11 @@
+{# Static no-CSS / no-JS hint block.
+
+   No inputs. Shown only at depth 0. The no-CSS hint is visible by default;
+   the no-JS hint is hidden inline and later revealed by CSS or hidden by JS.
+#}
+<div class="anndata-repr__hint-nocss">
+<em>Styled representation available in Jupyter and trusted notebooks (colors, search, type highlighting).</em>
+</div>
+<div class="anndata-repr__hint-nojs" style="display:none">
+<em>Interactive features (search, copy, category wrapping) require JavaScript. Trust this notebook to enable them.</em>
+</div>
diff --git a/src/anndata/_repr/templates/index_preview.j2 b/src/anndata/_repr/templates/index_preview.j2
new file mode 100644
index 000000000..955418819
--- /dev/null
+++ b/src/anndata/_repr/templates/index_preview.j2
@@ -0,0 +1,13 @@
+{# obs_names / var_names preview block.
+
+   Inputs:
+   - obs_preview (Markup): pre-escaped comma-separated preview of obs_names
+     (format_index_preview already escapes each item).
+   - var_preview (Markup): same for var_names.
+
+   Role: produce the two-line `<div class="anndata-header__index">` block.
+#}
+<div class="anndata-header__index">
+  <div><strong>obs_names:</strong> {{ obs_preview }}</div>
+  <div><strong>var_names:</strong> {{ var_preview }}</div>
+</div>
diff --git a/src/anndata/_repr/templates/max_depth_indicator.j2 b/src/anndata/_repr/templates/max_depth_indicator.j2
new file mode 100644
index 000000000..7f9affd61
--- /dev/null
+++ b/src/anndata/_repr/templates/max_depth_indicator.j2
@@ -0,0 +1,7 @@
+{# Single-line depth-limit placeholder shown when recursion hits max_depth.
+
+   Inputs:
+   - n_obs_str (str): pre-formatted obs count (via format_number, falls back to "?").
+   - n_vars_str (str): pre-formatted var count.
+#}
+<div class="anndata-depth-limit">AnnData ({{ n_obs_str }} × {{ n_vars_str }}) - max depth reached</div>
diff --git a/src/anndata/_repr/templates/raw_repr.j2 b/src/anndata/_repr/templates/raw_repr.j2
new file mode 100644
index 000000000..0b20760d1
--- /dev/null
+++ b/src/anndata/_repr/templates/raw_repr.j2
@@ -0,0 +1,35 @@
+{# Inner HTML body for a Raw object (rendered when a Raw row is expanded).
+
+   Inputs:
+   - container_id (str): unique id for the outer <div>. Autoescaped.
+   - shape_str (str): "N obs × M var". Autoescaped.
+   - obs_preview (Markup | None): Markup from format_index_preview, or None
+     when obs_names could not be read (renders an "<em>not available</em>"
+     placeholder).
+   - var_preview (Markup | None): same contract for var_names.
+   - sections (list[Markup]): pre-rendered X / var / varm sections (or error
+     placeholders), emitted in order. Trusted HTML.
+
+   Role: produce the `<div class="anndata-repr">…</div>` body used as the
+   nested content of the Raw row. This intentionally mirrors anndata.j2's
+   shape but drops sections a Raw doesn't have (obs, obsm, layers, ...).
+#}
+<div class="anndata-repr" id="{{ container_id }}">
+  <div class="anndata-header">
+    <span class="anndata-header__type">Raw</span>
+    <span class="anndata-header__shape">{{ shape_str }}</span>
+  </div>
+  <div class="anndata-header__index">
+    <div><strong>obs_names:</strong>
+      {%- if obs_preview is not none %} {{ obs_preview }}
+      {%- else %} <em>not available</em>{% endif %}
+    </div>
+    <div><strong>var_names:</strong>
+      {%- if var_preview is not none %} {{ var_preview }}
+      {%- else %} <em>not available</em>{% endif %}
+    </div>
+  </div>
+  {%- for section in sections %}
+  {{ section }}
+  {%- endfor %}
+</div>
diff --git a/src/anndata/_repr/templates/raw_section.j2 b/src/anndata/_repr/templates/raw_section.j2
new file mode 100644
index 000000000..3e56adf2b
--- /dev/null
+++ b/src/anndata/_repr/templates/raw_section.j2
@@ -0,0 +1,16 @@
+{# Raw-section frame: a minimal single-row "section" for adata.raw.
+
+   Inputs:
+   - entry_markup (Markup): the pre-rendered Raw row (from row_open + name/type/
+     preview cells + optional nested_content + closing </details>|</div>).
+     Trusted HTML, emitted verbatim.
+
+   The outer container uses ``anndata-sec anndata-sec-raw`` (not the normal
+   ``anndata-section`` <details> frame) because Raw shows a single row rather
+   than an expandable group of entries.
+#}
+<div class="anndata-sec anndata-sec-raw" data-section="raw">
+  <div class="anndata-section__entries">
+    {{ entry_markup }}
+  </div>
+</div>
diff --git a/src/anndata/_repr/templates/section.j2 b/src/anndata/_repr/templates/section.j2
new file mode 100644
index 000000000..d4aa697da
--- /dev/null
+++ b/src/anndata/_repr/templates/section.j2
@@ -0,0 +1,38 @@
+{# One-size-fits-all section frame.
+   Non-empty sections get <details>/<summary> with the entries body.
+   Empty sections render a muted "No entries" placeholder.
+   All user-facing strings (name, count_str, tooltip) are autoescaped;
+   doc_url is autoescaped inside the href attribute.
+   `entries` is expected to be Markup (pre-rendered HTML).
+   `extra_classes` is an optional str of additional CSS classes
+   (e.g. "anndata-sec-unknown") appended to the root <details>.
+   `count_str` is emitted verbatim whether n_items is zero or not —
+   callers pick (empty), (N items), (N columns), ... as appropriate.
+#}
+{%- macro section_header(name, count_str, doc_url, tooltip) -%}
+<summary>
+  <span class="anndata-section__name">{{ name }}</span>
+  <span class="anndata-section__count">{{ count_str }}</span>
+  {%- if doc_url %}
+  <a class="anndata-section__help" href="{{ doc_url }}" target="_blank" title="{{ tooltip }}">?</a>
+  {%- endif %}
+</summary>
+{%- endmacro -%}
+{%- set root_class = 'anndata-section' ~ (' ' ~ extra_classes if extra_classes else '') -%}
+{%- if n_items == 0 -%}
+<details class="{{ root_class }}" data-section="{{ section_id }}">
+  {{ section_header(name, count_str, doc_url, tooltip) }}
+  <div class="anndata-section__content">
+    <div class="anndata-section__empty">No entries</div>
+  </div>
+</details>
+{%- else -%}
+<details class="{{ root_class }}" data-section="{{ section_id }}"{% if not should_collapse %} open{% endif %}>
+  {{ section_header(name, count_str, doc_url, tooltip) }}
+  <div class="anndata-section__content">
+    <div class="anndata-section__entries">
+      {{ entries }}
+    </div>
+  </div>
+</details>
+{%- endif -%}
diff --git a/src/anndata/_repr/templates/x_entry.j2 b/src/anndata/_repr/templates/x_entry.j2
new file mode 100644
index 000000000..be6f91261
--- /dev/null
+++ b/src/anndata/_repr/templates/x_entry.j2
@@ -0,0 +1,22 @@
+{# Renders the <div class="anndata-x__entry"> row.
+
+   Inputs:
+   - x_label (str): the label to show in the name cell (always "X").
+   - state (str): one of "ok", "none", "attribute_error", "format_error".
+   - type_name (str): type label (only used for state="ok"). Autoescaped.
+   - css_class (str): CSS dtype class (only used for state="ok").
+   - error_msg (str): short error string (used for state="attribute_error"
+     and state="format_error"). Autoescaped.
+
+   Trust contract: all inputs are plain str; Jinja autoescapes them. #}
+{% from '_macros.j2' import muted_error_span %}
+<div class="anndata-x__entry">
+<span>{{ x_label }}</span>
+{%- if state == "ok" -%}
+<span class="{{ css_class }}">{{ type_name }}</span>
+{%- elif state == "none" -%}
+<span><em>None</em></span>
+{%- else -%}
+{{ muted_error_span(error_msg) }}
+{%- endif -%}
+</div>
diff --git a/src/anndata/_repr/utils.py b/src/anndata/_repr/utils.py
index 2a87f2595..73495220f 100644
--- a/src/anndata/_repr/utils.py
+++ b/src/anndata/_repr/utils.py
@@ -5,13 +5,12 @@
 - Serialization checking using the anndata IO registry
 - String-to-category warning detection
 - Color list detection and validation
-- HTML escaping and sanitization
+- Id sanitization
 - Memory size formatting
 """
 
 from __future__ import annotations
 
-import html
 import re
 from typing import TYPE_CHECKING
 
@@ -19,6 +18,7 @@
     from collections.abc import Sequence
 
 import numpy as np
+from markupsafe import Markup
 
 from .._repr_constants import (
     DICT_PREVIEW_KEYS,
@@ -506,8 +506,8 @@ def _get_colors_from_uns(
     return _compute_if_dask(colors)
 
 
-def format_index_preview(index: pd.Index, preview_n: int = 5) -> str:
-    """Format a preview of a pandas Index.
+def format_index_preview(index: pd.Index, preview_n: int = 5) -> Markup:
+    """Format a preview of a pandas Index as trusted HTML.
 
     Shows first and last items with ellipsis in between for long indices.
     Handles bytes index values (from older h5ad files) by decoding them.
@@ -521,39 +521,31 @@ def format_index_preview(index: pd.Index, preview_n: int = 5) -> str:
 
     Returns
     -------
-    Comma-separated preview string, or ``<em>empty</em>`` for empty indices.
+    ``Markup`` with the comma-separated preview, or ``<em>empty</em>``
+    for empty indices. Each item is autoescaped by ``Markup.join``.
     """
     n = len(index)
     if n == 0:
-        return "<em>empty</em>"
+        return Markup("<em>empty</em>")
 
     def _format_value(x: object) -> str:
-        """Format a single index value, decoding bytes if needed."""
         if isinstance(x, bytes):
             try:
                 return x.decode("utf-8")
             except UnicodeDecodeError:
                 return x.decode("latin-1")
-        return str(x)
+        return str(x).replace("\x00", "\ufffd")
 
     if n <= preview_n * 2:
-        items = [escape_html(_format_value(x)) for x in index]
+        items: list[str | Markup] = [_format_value(x) for x in index]
     else:
-        first = [escape_html(_format_value(x)) for x in index[:preview_n]]
-        last = [escape_html(_format_value(x)) for x in index[-preview_n:]]
-        items = [*first, "...", *last]
+        items = [
+            *(_format_value(x) for x in index[:preview_n]),
+            Markup("..."),
+            *(_format_value(x) for x in index[-preview_n:]),
+        ]
 
-    return ", ".join(items)
-
-
-def escape_html(text: str) -> str:
-    """Escape HTML special characters and replace null bytes.
-
-    Null bytes in user data (e.g., column names like ``"null\\x00byte"``)
-    break HTML parsers and cause truncated rendering. They are replaced
-    with the Unicode replacement character U+FFFD.
-    """
-    return html.escape(str(text).replace("\x00", "\ufffd"))
+    return Markup(", ").join(items)
 
 
 def sanitize_for_id(text: str) -> str:
diff --git a/tests/repr/test_repr_core.py b/tests/repr/test_repr_core.py
index 63f8b8bd2..1ba7b1e9c 100644
--- a/tests/repr/test_repr_core.py
+++ b/tests/repr/test_repr_core.py
@@ -921,9 +921,8 @@ def test_ui_helper_exports(self):
 
     def test_utility_exports(self):
         """Test utility functions are exported."""
-        from anndata._repr import escape_html, format_memory_size, format_number
+        from anndata._repr import format_memory_size, format_number
 
-        assert escape_html("<test>") == "&lt;test&gt;"
         assert "KB" in format_memory_size(1024)
         assert format_number(1000) == "1,000"
 
diff --git a/tests/repr/test_repr_formatters.py b/tests/repr/test_repr_formatters.py
index de7a66347..75e792818 100644
--- a/tests/repr/test_repr_formatters.py
+++ b/tests/repr/test_repr_formatters.py
@@ -14,6 +14,7 @@
 import pandas as pd
 import pytest
 import scipy.sparse as sp
+from markupsafe import Markup
 
 from anndata import AnnData
 
@@ -290,9 +291,9 @@ def test_dataframe_formatter(self):
         assert "3 × 2" in result.type_name
 
         result_obsm = formatter.format(df, FormatterContext(section="obsm"))
-        assert result_obsm.preview_html is not None
-        assert "a" in result_obsm.preview_html
-        assert "b" in result_obsm.preview_html
+        assert result_obsm.preview_markup is not None
+        assert "a" in result_obsm.preview_markup
+        assert "b" in result_obsm.preview_markup
 
     def test_dataframe_formatter_expandable(self):
         """Test DataFrameFormatter with expandable to_html enabled."""
@@ -305,14 +306,14 @@ def test_dataframe_formatter_expandable(self):
         df = pd.DataFrame({"a": [1, 2, 3], "b": [4, 5, 6]})
 
         result = formatter.format(df, ctx)
-        assert result.expanded_html is None
+        assert result.expanded_markup is None
 
         original = anndata.settings.repr_html_dataframe_expand
         try:
             anndata.settings.repr_html_dataframe_expand = True
             result_expanded = formatter.format(df, ctx)
-            assert result_expanded.expanded_html is not None
-            assert "<table" in result_expanded.expanded_html
+            assert result_expanded.expanded_markup is not None
+            assert "<table" in result_expanded.expanded_markup
         finally:
             anndata.settings.repr_html_dataframe_expand = original
 
@@ -328,9 +329,9 @@ def test_dataframe_long_column_names_truncation(self):
         df = pd.DataFrame(long_names)
 
         result = formatter.format(df, FormatterContext(section="obsm"))
-        assert result.preview_html is not None
-        assert "anndata-columns" in result.preview_html
-        assert "very_long_column_name_0" in result.preview_html
+        assert result.preview_markup is not None
+        assert "anndata-columns" in result.preview_markup
+        assert "very_long_column_name_0" in result.preview_markup
 
 
 class TestBuiltinFormatters:
@@ -656,10 +657,10 @@ def test_anndata_formatter_nested_depth_limit(self):
         inner = AnnData(np.zeros((5, 3)))
 
         result_shallow = formatter.format(inner, FormatterContext(depth=0, max_depth=3))
-        assert result_shallow.expanded_html is not None
+        assert result_shallow.expanded_markup is not None
 
         result_deep = formatter.format(inner, FormatterContext(depth=2, max_depth=3))
-        assert result_deep.expanded_html is None
+        assert result_deep.expanded_markup is None
 
 
 class TestFutureCompatibility:
@@ -779,7 +780,9 @@ def format(self, obj, context):
                 return FormattedOutput(
                     type_name="CustomInline",
                     css_class="anndata-dtype--custom",
-                    preview_html='<span class="test-inline">Inline Preview</span>',
+                    preview_markup=Markup(
+                        '<span class="test-inline">Inline Preview</span>'
+                    ),
                 )
 
         formatter = InlineHtmlFormatter()
@@ -820,7 +823,7 @@ def can_format(self, obj, context):
                 )
 
             def format(self, obj, context):
-                tree_html = """
+                tree_html = Markup("""
                 <div class="test-tree">
                     <ul>
                         <li>Root
@@ -831,11 +834,11 @@ def format(self, obj, context):
                         </li>
                     </ul>
                 </div>
-                """
+                """)
                 return FormattedOutput(
                     type_name="TreeData (3 nodes)",
                     css_class="anndata-dtype--tree",
-                    expanded_html=tree_html,
+                    expanded_markup=tree_html,
                 )
 
         formatter = ExpandableHtmlFormatter()
@@ -1009,29 +1012,29 @@ def test_array_api_formatter_obsm_preview(self):
         result = formatter.format(arr, FormatterContext(section="varm"))
         assert result.preview == "(15 columns)"
 
-    def test_dataframe_obsm_preview_html(self):
-        """Test DataFrameFormatter shows column list in obsm preview_html."""
+    def test_dataframe_obsm_preview_markup(self):
+        """Test DataFrameFormatter shows column list in obsm preview_markup."""
         from anndata._repr.formatters import DataFrameFormatter
         from anndata._repr.registry import FormatterContext
 
         formatter = DataFrameFormatter()
         df = pd.DataFrame({"col_a": [1, 2, 3], "col_b": [4, 5, 6], "col_c": [7, 8, 9]})
 
-        # No preview_html outside obsm/varm
+        # No preview_markup outside obsm/varm
         result = formatter.format(df, FormatterContext(section="uns"))
-        assert result.preview_html is None
+        assert result.preview_markup is None
 
         # Shows column names in obsm
         result = formatter.format(df, FormatterContext(section="obsm"))
-        assert result.preview_html is not None
-        assert "col_a" in result.preview_html
-        assert "col_b" in result.preview_html
-        assert "col_c" in result.preview_html
+        assert result.preview_markup is not None
+        assert "col_a" in result.preview_markup
+        assert "col_b" in result.preview_markup
+        assert "col_c" in result.preview_markup
 
         # Shows column names in varm
         result = formatter.format(df, FormatterContext(section="varm"))
-        assert result.preview_html is not None
-        assert "col_a" in result.preview_html
+        assert result.preview_markup is not None
+        assert "col_a" in result.preview_markup
 
     def test_1d_arrays_no_preview(self):
         """Test that 1D arrays don't show column preview in obsm/varm."""
diff --git a/tests/repr/test_repr_registry.py b/tests/repr/test_repr_registry.py
index a4af35eec..6c6a88e04 100644
--- a/tests/repr/test_repr_registry.py
+++ b/tests/repr/test_repr_registry.py
@@ -11,6 +11,7 @@
 
 import numpy as np
 import pytest
+from markupsafe import Markup
 
 from anndata import AnnData
 
@@ -546,7 +547,9 @@ def format(self, obj, context):
                 items = data.get("data", {})
                 return FormattedOutput(
                     type_name="test config",
-                    preview_html=f'<span class="test-custom">Items: {len(items)}</span>',
+                    preview_markup=Markup(
+                        f'<span class="test-custom">Items: {len(items)}</span>'
+                    ),
                 )
 
         formatter = TestConfigFormatter()
@@ -814,7 +817,7 @@ def get_entries(self, obj, context: FormatterContext):
                         output=FormattedOutput(
                             type_name="Expandable",
                             css_class="test",
-                            expanded_html="<div>Expanded content here</div>",
+                            expanded_markup=Markup("<div>Expanded content here</div>"),
                         ),
                     ),
                 ]
@@ -857,7 +860,9 @@ def get_entries(self, obj, context: FormatterContext):
                         output=FormattedOutput(
                             type_name="Inline",
                             css_class="test",
-                            preview_html="<span class='preview'>Preview content</span>",
+                            preview_markup=Markup(
+                                "<span class='preview'>Preview content</span>"
+                            ),
                         ),
                     ),
                 ]
diff --git a/tests/repr/test_repr_robustness.py b/tests/repr/test_repr_robustness.py
index 209c93846..b176165e4 100644
--- a/tests/repr/test_repr_robustness.py
+++ b/tests/repr/test_repr_robustness.py
@@ -1509,3 +1509,157 @@ def test_unicode_in_readme(self, validate_html) -> None:
 
         v.assert_html_well_formed()
         v.assert_element_exists(".anndata-readme__icon")
+        assert "\x00" not in html, "NUL leaked into rendered HTML"
+
+
+class TestMarkupAutoescapeContract:
+    """Verify the Markup trust boundary is enforced by Jinja autoescape.
+
+    FormattedOutput.{type_markup, preview_markup, expanded_markup} are typed
+    ``Markup | None``. An ecosystem extension that violates the contract by
+    passing a bare ``str`` with HTML must get its input autoescaped —
+    the trust boundary is a type-level assertion, not a convention.
+
+    These tests deliberately violate the contract to prove the safety net.
+    """
+
+    ATTACK = '<script>alert("xss")</script>'
+    ESCAPED = "&lt;script&gt;alert(&#34;xss&#34;)&lt;/script&gt;"
+
+    def _register_and_render(self, *, field: str) -> str:
+        """Register a one-off TypeFormatter that sets ``field`` to bare str and render."""
+        from anndata._repr.registry import (
+            FormattedOutput,
+            TypeFormatter,
+            register_formatter,
+        )
+
+        attack = self.ATTACK
+
+        class _ContractViolator(TypeFormatter):
+            priority = 10000  # beat every built-in formatter
+
+            def can_format(self, obj, context):
+                return isinstance(obj, _ContractViolator._Sentinel)
+
+            def format(self, obj, context):
+                # Bare str — violates the Markup | None contract.
+                return FormattedOutput(type_name="violator", **{field: attack})
+
+            class _Sentinel:
+                pass
+
+        formatter = _ContractViolator()
+        register_formatter(formatter)
+        try:
+            adata = AnnData(np.zeros((2, 2)))
+            adata.uns["evil"] = _ContractViolator._Sentinel()
+            return adata._repr_html_()
+        finally:
+            formatter_registry.unregister_type_formatter(formatter)
+
+    def test_bare_str_preview_markup_is_escaped(self) -> None:
+        html = self._register_and_render(field="preview_markup")
+        assert self.ATTACK not in html, (
+            "bare str preview_markup leaked raw — autoescape failed"
+        )
+        assert self.ESCAPED in html
+
+    def test_bare_str_type_markup_is_escaped(self) -> None:
+        html = self._register_and_render(field="type_markup")
+        assert self.ATTACK not in html
+        assert self.ESCAPED in html
+
+    def test_bare_str_expanded_markup_is_escaped(self) -> None:
+        html = self._register_and_render(field="expanded_markup")
+        assert self.ATTACK not in html
+        assert self.ESCAPED in html
+
+    def test_markup_wrapped_preview_passes_through(self) -> None:
+        """Positive control: ``Markup`` input flows through autoescape verbatim."""
+        from markupsafe import Markup
+
+        from anndata._repr.registry import (
+            FormattedOutput,
+            TypeFormatter,
+            register_formatter,
+        )
+
+        safe_html = '<span class="trusted-preview">hello</span>'
+
+        class _TrustedFormatter(TypeFormatter):
+            priority = 10000
+
+            def can_format(self, obj, context):
+                return isinstance(obj, _TrustedFormatter._Sentinel)
+
+            def format(self, obj, context):
+                return FormattedOutput(
+                    type_name="trusted",
+                    preview_markup=Markup(safe_html),
+                )
+
+            class _Sentinel:
+                pass
+
+        formatter = _TrustedFormatter()
+        register_formatter(formatter)
+        try:
+            adata = AnnData(np.zeros((2, 2)))
+            adata.uns["ok"] = _TrustedFormatter._Sentinel()
+            html = adata._repr_html_()
+            assert safe_html in html, (
+                "Markup-wrapped preview did not pass through verbatim"
+            )
+        finally:
+            formatter_registry.unregister_type_formatter(formatter)
+
+    def test_section_formatter_render_html_is_trusted(self) -> None:
+        """Document the ecosystem-extension contract: ``SectionFormatter.render_html``
+        output is trusted verbatim.
+
+        ``_render_custom_section`` wraps ``render_html`` return values in
+        ``Markup(...)`` — that is a trust assertion, not a sanitizer. An
+        extension author who returns a bare ``str`` with embedded HTML is
+        responsible for the contents being safe. This test pins the current
+        behavior so any future shift to autoescape is an explicit decision.
+        """
+        from anndata._repr.registry import (
+            FormattedEntry,
+            FormattedOutput,
+            SectionFormatter,
+            formatter_registry,
+        )
+
+        raw_html = '<div class="custom">trusted <b>raw</b> html</div>'
+
+        class _TrustedSection(SectionFormatter):
+            @property
+            def section_name(self) -> str:
+                return "_trusted_section"
+
+            def should_show(self, obj):
+                return True
+
+            def get_entries(self, obj, context):
+                return [
+                    FormattedEntry(key="ignored", output=FormattedOutput(type_name="x"))
+                ]
+
+            def render_html(self, obj, context):
+                # Bare str — anndata trusts this verbatim per the extension contract.
+                return raw_html
+
+        formatter = _TrustedSection()
+        formatter_registry.register_section_formatter(formatter)
+        try:
+            adata = AnnData(np.zeros((2, 2)))
+            html = adata._repr_html_()
+            assert raw_html in html, (
+                "render_html(str) must be passed through unmodified — "
+                "trust boundary is the SectionFormatter contract"
+            )
+        finally:
+            # No public unregister for section formatters; pop from internal dict.
+            for name in formatter.section_names:
+                formatter_registry._section_formatters.pop(name, None)
diff --git a/tests/repr/test_repr_utils.py b/tests/repr/test_repr_utils.py
index e3b500927..e959dac36 100644
--- a/tests/repr/test_repr_utils.py
+++ b/tests/repr/test_repr_utils.py
@@ -181,14 +181,6 @@ def test_get_matching_column_colors_no_uns_key(self):
 class TestFormatting:
     """Tests for formatting utilities."""
 
-    def test_escape_html(self):
-        """Test HTML escaping."""
-        from anndata._repr.utils import escape_html
-
-        assert escape_html("<script>") == "&lt;script&gt;"
-        assert escape_html("a & b") == "a &amp; b"
-        assert escape_html('"quoted"') == "&quot;quoted&quot;"
-
     def test_format_memory_size(self):
         """Test memory size formatting."""
         from anndata._repr.utils import format_memory_size
diff --git a/tests/test_repr.py b/tests/test_repr.py
index 535d918a0..669e94e2f 100644
--- a/tests/test_repr.py
+++ b/tests/test_repr.py
@@ -152,11 +152,12 @@ def render_html(self, obj, context):
 
 def test_repr_html_section_formatter_render_html_escaping(adata):
     """render_html output is inserted as-is — formatter must escape values."""
+    from markupsafe import Markup
+
     from anndata._repr import (
         SectionFormatter,
         register_formatter,
     )
-    from anndata._repr.utils import escape_html
 
     @register_formatter
     class TestEscapedSection(SectionFormatter):
@@ -174,9 +175,9 @@ def get_entries(self, obj, context):
             return []
 
         def render_html(self, obj, context):
-            # Properly escaped — this is the formatter's responsibility
+            # Properly escaped — Markup.format() escapes the str argument
             val = '<script>alert("xss")</script>'
-            return f"<div>{escape_html(val)}</div>"
+            return Markup("<div>{}</div>").format(val)
 
     try:
         html = adata._repr_html_()
diff --git a/tests/visual_inspect_repr_html.py b/tests/visual_inspect_repr_html.py
index 4bbd5da7e..ee9ab9c68 100644
--- a/tests/visual_inspect_repr_html.py
+++ b/tests/visual_inspect_repr_html.py
@@ -34,6 +34,7 @@
 import numpy as np
 import pandas as pd
 import scipy.sparse as sp
+from markupsafe import Markup
 
 import anndata as ad
 
@@ -49,7 +50,6 @@
 from anndata._repr import (  # noqa: E402
     FormattedOutput,
     TypeFormatter,
-    escape_html,
     extract_uns_type_hint,
     register_formatter,
 )
@@ -219,7 +219,7 @@ def get_entries(self, obj, context: FormatterContext) -> list[FormattedEntry]:
                     type_name=f"DiGraph ({n_nodes} nodes, {n_leaves} leaves)",
                     css_class="anndata-dtype--tree",
                     tooltip=f"Phylogenetic tree with {n_nodes} total nodes",
-                    expanded_html=svg_html,
+                    expanded_markup=Markup(svg_html),
                 )
                 entries.append(FormattedEntry(key=key, output=output))
             return entries
@@ -258,7 +258,7 @@ def get_entries(self, obj, context: FormatterContext) -> list[FormattedEntry]:
                     type_name=f"DiGraph ({n_nodes} nodes, {n_leaves} leaves)",
                     css_class="anndata-dtype--tree",
                     tooltip=f"Phylogenetic tree with {n_nodes} total nodes",
-                    expanded_html=svg_html,
+                    expanded_markup=Markup(svg_html),
                 )
                 entries.append(FormattedEntry(key=key, output=output))
             return entries
@@ -276,7 +276,7 @@ class TreeMetadataSectionFormatter(SectionFormatter):
 
         Renders like the X entry — a single non-foldable line showing
         key=value pairs for label, alignment, and allow_overlap.
-        All values are escaped via ``escape_html(repr(val))``.
+        All values are escaped via ``Markup(...).format(...)``.
         """
 
         @property
@@ -319,11 +319,9 @@ def get_entries(self, obj, context: FormatterContext) -> list[FormattedEntry]:
                     entries.append(FormattedEntry(key=label, output=output))
             return entries
 
-        def render_html(self, obj, context: FormatterContext) -> str:
+        def render_html(self, obj, context: FormatterContext) -> Markup:
             """Render as a compact line instead of a foldable section."""
-            from anndata._repr.utils import escape_html
-
-            pairs = []
+            pairs: list[Markup] = []
             for attr, label in [
                 ("_tree_label", "label"),
                 ("_alignment", "alignment"),
@@ -332,16 +330,17 @@ def render_html(self, obj, context: FormatterContext) -> str:
                 val = getattr(obj, attr, None)
                 if val is not None:
                     pairs.append(
-                        f'<span style="color:var(--anndata-text-secondary,#6c757d);">{label}=</span>'
-                        f"{escape_html(repr(val))}"
+                        Markup(
+                            '<span style="color:var(--anndata-text-secondary,#6c757d);">{label}=</span>{val}'
+                        ).format(label=label, val=repr(val))
                     )
-            summary = " &nbsp; ".join(pairs)
-            return (
+            summary = Markup(" &nbsp; ").join(pairs)
+            return Markup(
                 '<div class="anndata-x__entry">'
-                f"<span>tree</span>"
-                f"<span>{summary}</span>"
+                "<span>tree</span>"
+                "<span>{summary}</span>"
                 "</div>"
-            )
+            ).format(summary=summary)
 
 except (ImportError, AttributeError):
     # AttributeError can occur on Python 3.14+ with incompatible networkx versions
@@ -433,7 +432,7 @@ def get_entries(self, obj, context: FormatterContext) -> list[FormattedEntry]:
                     type_name=f"AnnData ({shape_str})",
                     css_class="anndata-dtype--anndata",
                     tooltip=f"Modality: {mod_name}",
-                    expanded_html=nested_html if can_expand else None,
+                    expanded_markup=Markup(nested_html) if can_expand else None,
                     is_serializable=True,
                 )
                 entries.append(FormattedEntry(key=mod_name, output=output))
@@ -469,7 +468,6 @@ def get_entries(self, obj, context: FormatterContext) -> list[FormattedEntry]:
         FormatterRegistry,
         SectionFormatter,
         TypeFormatter,
-        escape_html,
         format_number,
         get_css,
         get_javascript,
@@ -575,9 +573,11 @@ def _build_header(self, container_id: str) -> str:
                     )
                 )
                 parts.append(
-                    f'<span class="anndata-file-path" style="font-family:ui-monospace,monospace;'
-                    f'font-size:11px;color:var(--anndata-text-secondary, #6c757d);">'
-                    f"{escape_html(self.path)}</span>"
+                    Markup(
+                        '<span class="anndata-file-path" style="font-family:ui-monospace,monospace;'
+                        'font-size:11px;color:var(--anndata-text-secondary, #6c757d);">'
+                        "{path}</span>"
+                    ).format(path=self.path)
                 )
 
             # Search box using render_search_box() helper
@@ -620,10 +620,12 @@ def _build_coordinate_systems_preview(self) -> str:
             for cs_name in self.coordinate_systems:
                 tooltip = f"Elements: {elements_str}"
                 cs_parts.append(
-                    f'<span title="{escape_html(tooltip)}" style="'
-                    f"font-family:ui-monospace,monospace;font-size:11px;"
-                    f'color:var(--anndata-accent, #0d6efd);cursor:help;">'
-                    f"'{escape_html(cs_name)}'</span>"
+                    Markup(
+                        '<span title="{tooltip}" style="'
+                        "font-family:ui-monospace,monospace;font-size:11px;"
+                        'color:var(--anndata-accent, #0d6efd);cursor:help;">'
+                        "'{cs_name}'</span>"
+                    ).format(tooltip=tooltip, cs_name=cs_name)
                 )
 
             parts.append(", ".join(cs_parts))
@@ -640,7 +642,7 @@ def _build_images_section(self) -> str:
             for name, info in self.images.items():
                 # Build meta content (dimensions info) for the META column
                 dims_str = ", ".join(info.get("dims", ["y", "x"]))
-                meta = f'<span class="anndata-meta-info">[{dims_str}]</span>'
+                meta = Markup(f'<span class="anndata-meta-info">[{dims_str}]</span>')
 
                 # Create a FormattedEntry with FormattedOutput
                 entry = FormattedEntry(
@@ -648,16 +650,19 @@ def _build_images_section(self) -> str:
                     output=FormattedOutput(
                         type_name=f"DataArray {info['shape']} {info['dtype']}",
                         css_class="anndata-dtype--ndarray",
-                        preview_html=meta,  # Content in preview column (rightmost)
+                        preview_markup=meta,  # Content in preview column (rightmost)
                     ),
                 )
                 # render_formatted_entry() creates the table row HTML
                 rows.append(render_formatted_entry(entry))
 
-            # render_section() wraps rows in a collapsible section
+            # render_section() wraps rows in a collapsible section.
+            # Use Markup("\n").join so the joined result stays Markup — a
+            # plain str.join(...) would yield a bare str that Jinja autoescapes
+            # when render_section interpolates it.
             return render_section(
                 "images",
-                "\n".join(rows),
+                Markup("\n").join(rows),
                 n_items=len(self.images),
                 tooltip="Image data (xarray.DataArray)",
             )
@@ -667,21 +672,21 @@ def _build_labels_section(self) -> str:
             rows = []
             for name, info in self.labels.items():
                 dims_str = ", ".join(info.get("dims", ["y", "x"]))
-                meta = f'<span class="anndata-meta-info">[{dims_str}]</span>'
+                meta = Markup(f'<span class="anndata-meta-info">[{dims_str}]</span>')
 
                 entry = FormattedEntry(
                     key=name,
                     output=FormattedOutput(
                         type_name=f"Labels {info['shape']} {info['dtype']}",
                         css_class="anndata-dtype--ndarray",
-                        preview_html=meta,
+                        preview_markup=meta,
                     ),
                 )
                 rows.append(render_formatted_entry(entry))
 
             return render_section(
                 "labels",
-                "\n".join(rows),
+                Markup("\n").join(rows),
                 n_items=len(self.labels),
                 tooltip="Segmentation masks (xarray.DataArray)",
             )
@@ -690,21 +695,23 @@ def _build_points_section(self) -> str:
             """Build points section."""
             rows = []
             for name, info in self.points.items():
-                meta = f'<span class="anndata-meta-info">{info["n_dims"]}D coordinates</span>'
+                meta = Markup(
+                    f'<span class="anndata-meta-info">{info["n_dims"]}D coordinates</span>'
+                )
 
                 entry = FormattedEntry(
                     key=name,
                     output=FormattedOutput(
                         type_name=f"dask.DataFrame ({format_number(info['n_points'])} × {info['n_dims']})",
                         css_class="anndata-dtype--dataframe",
-                        preview_html=meta,
+                        preview_markup=meta,
                     ),
                 )
                 rows.append(render_formatted_entry(entry))
 
             return render_section(
                 "points",
-                "\n".join(rows),
+                Markup("\n").join(rows),
                 n_items=len(self.points),
                 tooltip="Point annotations (dask.DataFrame)",
             )
@@ -713,21 +720,23 @@ def _build_shapes_section(self) -> str:
             """Build shapes section."""
             rows = []
             for name, info in self.shapes.items():
-                meta = f'<span class="anndata-meta-info">{info["geometry_type"]}</span>'
+                meta = Markup(
+                    f'<span class="anndata-meta-info">{info["geometry_type"]}</span>'
+                )
 
                 entry = FormattedEntry(
                     key=name,
                     output=FormattedOutput(
                         type_name=f"GeoDataFrame ({format_number(info['n_shapes'])} shapes)",
                         css_class="anndata-dtype--dataframe",
-                        preview_html=meta,
+                        preview_markup=meta,
                     ),
                 )
                 rows.append(render_formatted_entry(entry))
 
             return render_section(
                 "shapes",
-                "\n".join(rows),
+                Markup("\n").join(rows),
                 n_items=len(self.shapes),
                 tooltip="Vector shapes (geopandas.GeoDataFrame)",
             )
@@ -750,20 +759,21 @@ def _build_tables_section(self) -> str:
                     show_search=False,
                 )
 
-                # FormattedOutput with expanded_html makes it collapsible
+                # FormattedOutput with expanded_markup makes it collapsible
                 entry = FormattedEntry(
                     key=name,
                     output=FormattedOutput(
                         type_name=f"AnnData ({adata.n_obs} × {adata.n_vars})",
                         css_class="anndata-dtype--anndata",
-                        expanded_html=nested_html,  # Makes the nested content collapsible
+                        # Makes the nested content collapsible
+                        expanded_markup=Markup(nested_html),
                     ),
                 )
                 rows.append(render_formatted_entry(entry))
 
             return render_section(
                 "tables",
-                "\n".join(rows),
+                Markup("\n").join(rows),
                 n_items=len(self.tables),
                 tooltip="Annotation tables (AnnData)",
             )
@@ -794,7 +804,7 @@ def _build_custom_sections(self) -> str:
                 rows = [render_formatted_entry(entry) for entry in entries]
                 section_html = render_section(
                     formatter.section_name,
-                    "\n".join(rows),
+                    Markup("\n").join(rows),
                     n_items=len(entries),
                     tooltip=getattr(formatter, "tooltip", ""),
                 )
@@ -1940,7 +1950,8 @@ def format(self, obj, context):
 
             return FormattedOutput(
                 type_name="analysis history",
-                preview_html="".join(html_parts),  # Use preview_html for inline preview
+                # preview_markup takes Markup — join the pre-escaped fragments
+                preview_markup=Markup("".join(html_parts)),
             )
 
     adata_uns = AnnData(np.zeros((10, 5)))
@@ -2330,7 +2341,7 @@ def format(self, obj, context):
             "<ul>"
             "<li><code>get_css()</code> / <code>get_javascript()</code> - reuse styling and interactivity</li>"
             "<li><code>render_section()</code> - create collapsible sections (images, labels, points, shapes, tables)</li>"
-            "<li><code>render_formatted_entry()</code> with <code>preview_html</code> - table rows with preview column</li>"
+            "<li><code>render_formatted_entry()</code> with <code>preview_markup</code> - table rows with preview column</li>"
             "<li><code>generate_repr_html()</code> - embed nested AnnData (see 'tables' section)</li>"
             "<li><code>FormatterRegistry</code> - custom 'transforms' section added via SectionFormatter</li>"
             "</ul>"
@@ -3217,7 +3228,7 @@ def format(self, obj, context):
 
             This produces a FormattedOutput with:
             - type_name: "category[registry] (n)" instead of just "category (n)"
-            - preview_html: Category values with validation indicators
+            - preview_markup: Category values with validation indicators
             - tooltip: Shows ontology ID and validation status
             - warnings: If unmapped values exist
             """
@@ -3236,24 +3247,27 @@ def format(self, obj, context):
 
             # Build preview with validation status
             categories = list(obj.cat.categories[:5])
+            cat_spans = [
+                Markup(
+                    '<span style="color: var(--anndata-category-color, #666);">{}</span>'
+                ).format(str(c))
+                for c in categories
+            ]
+            cat_html = Markup(", ").join(cat_spans)
+            if n_cats > 5:
+                cat_html += Markup(' <span style="color: #888;">...+{}</span>').format(
+                    n_cats - 5
+                )
             if validated:
                 # All values mapped - show green checkmark
-                cat_html = ", ".join(
-                    f'<span style="color: var(--anndata-category-color, #666);">{escape_html(str(c))}</span>'
-                    for c in categories
+                cat_html += Markup(
+                    ' <span style="color: #28a745;" title="All values validated">✓</span>'
                 )
-                if n_cats > 5:
-                    cat_html += f' <span style="color: #888;">...+{n_cats - 5}</span>'
-                cat_html += ' <span style="color: #28a745;" title="All values validated">✓</span>'
             else:
                 # Some unmapped values - show warning
-                cat_html = ", ".join(
-                    f'<span style="color: var(--anndata-category-color, #666);">{escape_html(str(c))}</span>'
-                    for c in categories
-                )
-                if n_cats > 5:
-                    cat_html += f' <span style="color: #888;">...+{n_cats - 5}</span>'
-                cat_html += f' <span style="color: #fd7e14;" title="{unmapped_count} unmapped values">⚠ {unmapped_count} unmapped</span>'
+                cat_html += Markup(
+                    ' <span style="color: #fd7e14;" title="{n} unmapped values">⚠ {n} unmapped</span>'
+                ).format(n=unmapped_count)
 
             # Build tooltip with full metadata
             tooltip_parts = [f"Registry: {registry}"]
@@ -3267,7 +3281,7 @@ def format(self, obj, context):
                 type_name=type_name,
                 css_class="anndata-dtype--category",
                 tooltip="\n".join(tooltip_parts),
-                preview_html=cat_html,
+                preview_markup=Markup(cat_html),
                 warnings=[]
                 if validated
                 else [f"{unmapped_count} values not mapped to ontology"],