[Kwpolska]

All JSON serializers worth their salt can serialize a single string to JSON, so the simplest way is to do json.dumps(the_string) and mark the string as safe so that it doesn't get escaped twice.

[GICodeWarrior]

Simple JSON encoding alone is not sufficient if you put the output into a <script> tag.

<script>const user_input = "</script><script>alert(1)//"; ...