Escape html in python?

问题:

i have a but string might contain ", what should I do to escape it?

Example:

__string__ = test".jpg 

doesn't work.

回答1:

If your value being escaped might contain quotes, the best thing is to use the quoteattr method: http://docs.python.org/library/xml.sax.utils.html#module-xml.sax.saxutils

This is referenced right beneath the docs on the cgi.escape() method.

回答2:

In Python 3.2 a new html module was introduced, which is used for escaping reserved characters from HTML markup.

It has one function html.escape(s, quote=True). If the optional flag quote is true, the characters (") and (') are also translated.

Usage:

>>> import html >>> html.escape('x > 2 && x 

回答3:

import cgi s = cgi.escape('test".jpg', True) 

http://docs.python.org/library/cgi.html#cgi.escape

Note that the True flag tells it to escape double quotes. If you need to escape single quotes as well (if you're one of those rare individuals who use single quotes to surround html attributes) read the note in that documentation link about xml.sax.saxutils.quoteattr(). The latter does both kinds of quotes, though it is about three times as slow:

>>> timeit.Timer( "escape('asdf\"asef', True)", "from cgi import escape").timeit() 1.2772219181060791 >>> timeit.Timer( "quoteattr('asdf\"asef')", "from xml.sax.saxutils import quoteattr").timeit() 3.9785079956054688 

回答4:

If the URL you're using (as an img src here) might contain quotes, you should use URL quoting.

For python, use the urllib.quote method before passing the URL string to your template:

img_url = 'test".jpg' __string__ = urllib.quote(img_url) 

回答5:

The best way to escape XML or HTML in python is probably with triple quotes. Note that you can also escape carriage returns.

""" """ 

文章来源: Escape html in python?