EscapingSpecialHTMLCharacters

From XPUB & Lens-Based wiki

Escaping special HTML characters

Python: cgi.escape

You want to display text on a web page that might contain special characters, like "<" or ">", and you want these to appear as-is rather than being misinterpreted as parts of an HTML tag. Use cgi.escape:

cgi.escape(text)


escape(s[, quote])


Convert the characters "&", "<" and ">" in string s to HTML-safe sequences. Use this if you need to display text that might contain such characters in HTML. If the optional flag quote is true, the quotation mark character (") is also translated; this helps for inclusion in an HTML attribute value, as in <A HREF="...">. If the value to be quoted might include single- or double-quote characters, or both, consider using the quoteattr() function in the xml.sax.saxutils module instead.

source: http://docs.python.org/lib/node562.html

Python: xml.sax.saxutils

quoteattr(data[, entities])

Similar to escape(), but also prepares data to be used as an attribute value. The return value is a quoted version of data with any additional required replacements. quoteattr() will select a quote character based on the content of data, attempting to avoid encoding any quote characters in the string. If both single- and double-quote characters are already in data, the double-quote characters will be encoded and data will be wrapped in double-quotes. The resulting string can be used directly as an attribute value.

This function is useful when generating attribute values for HTML or any SGML using the reference concrete syntax.

Keep in mind:

  • Do not put quotes around the %s in your format string; quoteattr adds them for you.
  • quoteattr expects data to be a string and freaks out if you give it, for instance, an integer. If your data might be numeric, wrap it in str() before passing it to quoteattr, as in quoteattr(str(foo)).


escape(data[, entities])

Escape "&", "<", and ">" in a string of data.

You can escape other strings of data by passing a dictionary as the optional entities parameter. The keys and values must all be strings; each key will be replaced with its corresponding value.

unescape(data[, entities])

Unescape "&amp;", "&lt;", and "&gt;" in a string of data.

You can unescape other strings of data by passing a dictionary as the optional entities parameter. The keys and values must all be strings; each key will be replaced with its corresponding value.

source: http://docs.python.org/lib/module-xml.sax.saxutils.html
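The two output contexts described above, side by side, as an added example that is not part of the original wiki page or the Python documentation. It uses html.escape, the standard-library replacement for cgi.escape (which was removed in Python 3.8); the function names and sample strings are constructed for illustration.

```python
import html
from xml.sax.saxutils import escape, quoteattr, unescape

# Constructed sample inputs (not from the original page).
COMMENT = 'if a < b & b > c: print("ok")'
HOSTILE_URL = 'x" class="injected'   # contains a double quote
BOTH_QUOTES = 'it\'s "quoted"'


def render_text(value):
    """Element text: only &, < and > need escaping here."""
    return "<p>%s</p>" % html.escape(str(value), quote=False)


def render_link_weak(url):
    """Weak form: text-only escaping inside a hand-quoted attribute."""
    return '<a href="%s">link</a>' % escape(url)


def render_link(url, label):
    """Hardened form: quoteattr supplies the quotes, so %s is left bare.
    str() guards against non-string values such as integers."""
    return "<a href=%s>%s</a>" % (quoteattr(str(url)), html.escape(str(label)))


if __name__ == "__main__":
    print(render_text(COMMENT))
    print(render_link_weak(HOSTILE_URL))   # attribute ends early, extra attribute appears
    print(render_link(HOSTILE_URL, "a & b"))
    print(render_link(BOTH_QUOTES, 42))
    print(unescape(escape(COMMENT)) == COMMENT)
```

In the weak form the double quote in the value closes the href attribute, so the rest of the value is parsed as markup; quoteattr avoids this by choosing the wrapping quote character from the content of the data.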