All geek questions in one place

Escape html in python?

I have <img src=__string__> , but the string may contain "what should I do to avoid it?

Example:

 __string__ = test".jpg <img src="test".jpg">

does not work.

+4
source share
5 answers

If your value will be escaped, it may contain quotation marks, it is best to use the quoteattr method: http://docs.python.org/library/xml.sax.utils.html#module-xml.sax.saxutils

This is indicated right below the docs of the cgi.escape () method.

+11
source

In Python 3.2, a new html module has been added that is used to escape reserved characters from HTML markup.

It has one function html.escape(s, quote=True) . If the optional flag quote is correct, the characters (") and (') also translated.

Using:

 >>> import html >>> html.escape('x > 2 && x < 7') 'x &gt; 2 &amp;&amp; x &lt; 7'
+11
source 
 import cgi s = cgi.escape('test".jpg', True)

http://docs.python.org/library/cgi.html#cgi.escape

Note that the True flag indicates that it escapes double quotes. If you need to avoid single quotes (if you are one of those rare people who use single quotes to surround html attributes), read the note in this documentation at xml.sax.saxutils.quoteattr (). The latter does both kinds of quotes, although it is about three times slower:

 >>> timeit.Timer( "escape('asdf\"asef', True)", "from cgi import escape").timeit() 1.2772219181060791 >>> timeit.Timer( "quoteattr('asdf\"asef')", "from xml.sax.saxutils import quoteattr").timeit() 3.9785079956054688
+5
source

If the URL you are using (as img src here) may contain quotation marks, you should use quoting URLs.

For python, use urllib.quote before passing the URL string to your template:

 img_url = 'test".jpg' __string__ = urllib.quote(img_url)
+2
source

The best way to avoid XML or HTML in python is probably triple quotes. Please note that you can also avoid carriage returns.

 """<foo bar="1" baz="2" bat="3"> <ack/> </foo> """
-3
source

Source: https://habr.com/ru/post/1313566/

More articles:


All Articles