#1
    Translating Python strings to HTML escape sequences


    Hello.
    I have a problem here; your help is very appreciated.
    I want to put data on an HTML page and, after posting it back to the server, read it using cgi.FieldStorage() (GET).
    It's all nice and easy, BUT what if the data contains ' and " ?!

    I do it in the following way (which doesn't work):
    1. Let's say that the data to be saved on the HTML is:
    {'entName':'phil'}
    2. So I want the HTML to look like:
    <input name =' Internal' type =' hidden'
    value = ' {'entName': 'phil'}' > </input>
    Do you see the problem? The GET will contain
    http:balbala...?Internal={
    and NOT the whole info.
    3. I tried to replace ' and " with HTML escape sequences
    the HTML is fine , the data that is sent back in the GET looks like:
    %7B%92entName%92%3A+%92phil%92%7D
    4. When I try to read it using cgi.FieldStorage() , I get
    {.entName.:.phil.}
    instead of ' {'entName': 'phil'}'

    If you want a full example, then copy the following (and view the
    web server's error log file.....):

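    #!/usr/bin/python
    import cgi
    import DefsMod  # the poster's own module; provides HTTP_HEADER

    form = cgi.FieldStorage()
    if form.has_key("dD"):
        # The submitted value comes back as a string
        e = form['dD'].value
        # eval() evaluates whatever expression the request carries
        mydct = eval(str(e))
        print DefsMod.HTTP_HEADER
        print "<html><body>" + str(mydct) + "</body></html>"
    else:
        # First request: send the form whose value attribute shows the problem
        print DefsMod.HTTP_HEADER
        print "<html><body><form name='d'>"
        print "<input type='submit' name='dD' value='{'entName':'phil'}'>"
        print "</form></body></html>"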


    Thanks
    Roy
    Last edited by roypython; March 31st, 2004 at 02:07 AM.
#2
    Firstly, use the cgi.escape function.

    From the manual:

    escape( s[, quote])

    Convert the characters "&", "<" and ">" in string s to HTML-safe sequences. Use this if you need to display text that might contain such characters in HTML. If the optional flag quote is true, the double-quote character (") is also translated; this helps for inclusion in an HTML attribute value, as in <A HREF="...">. If the value to be quoted might include single- or double-quote characters, or both, consider using the quoteattr() function in the xml.sax.saxutils module instead.
    Try replacing

    Code:
    print "<input type='submit' name='dD' value='{‘entName’:‘phil’}'>"
    with

    Code:
    print '<input type="submit" name="dD" value="%s">' % cgi.escape('{"entName":"phil"}', 1)
    Note that I have swapped the single and double quotes, since the escape() function only escapes double quotes.

    Secondly, the string returned by the cgi shows that the single quote character you are using is %92, which is not a valid ASCII character - it is a ’ rather than a '. You often get this if you write your code in a word processor rather than a text editor - it will use that character to distinguish between opening and closing quotes. If you had used proper single quotes in your original example then it would have failed, since you had single quoted strings inside a single quoted string, i.e. if you had sent this to the browser:

    <input ... value='{‘entName’:‘phil’}' >

    it would have interpreted it as:

    value = '{'
    entname':'
    phil'}'

    which would have been a syntax error.

    Dave - The Developers' Coach
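
    An added example, not part of the thread: the same round trip in Python 3, where html.escape(..., quote=True) is the successor of cgi.escape (removed in Python 3.8) and escapes both quote characters. The field name Internal and the sample value come from the question; the helper names are hypothetical, html.parser stands in for the browser, and ast.literal_eval replaces the eval() call in the question's script.

```python
import ast
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode

SAMPLE = "{'entName': 'phil'}"  # constructed sample, taken from the question


class InputValues(HTMLParser):
    """Collect name -> value for each <input>, roughly as a browser sees them."""

    def __init__(self):
        super().__init__()
        self.values = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            found = dict(attrs)
            self.values[found.get("name")] = found.get("value")


def render_naive(name, data):
    # Same flaw as the question: the first ' inside data ends the attribute.
    return "<input type='hidden' name='%s' value='%s'>" % (name, data)


def render_escaped(name, data):
    # quote=True escapes both " and ', so either attribute delimiter is safe.
    return '<input type="hidden" name="%s" value="%s">' % (
        html.escape(name, quote=True), html.escape(data, quote=True))


def round_trip(markup, name):
    """Return (GET query the form would send, value the server reads back)."""
    parser = InputValues()
    parser.feed(markup)
    parser.close()
    query = urlencode({name: parser.values[name]})
    return query, parse_qs(query, keep_blank_values=True)[name][0]


def decode(received):
    # literal_eval accepts Python literals only; unlike eval() it runs no code.
    return ast.literal_eval(received)


if __name__ == "__main__":
    for render in (render_naive, render_escaped):
        print(render.__name__, *round_trip(render("Internal", SAMPLE), "Internal"))
    print(decode(round_trip(render_escaped("Internal", SAMPLE), "Internal")[1]))
```

    The naive form submits only Internal=%7B, the truncation described in the question, while the escaped form submits %27 for each quote rather than the %92 seen in the thread.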
#3

    Thanks


    Thanks Dave,
    as always your solutions work perfectly,
    and save the day
#4
    I may have missed something here, but just in case: it just seems like a bad idea to be escaping special chars with HTML entities when it would make much more sense to do it with the form encoding... If you look back at my NET module (or scan through urllib) you should be able to see how it's done from scratch... hopefully this will be some help to you.

    If I did totally miss something here then just ignore me.

    EDIT: You should always use double quotes inside HTML. Well, this is the standard anyway. So...
    Code:
    <input type='submit' name='dD' value='{‘entName’:‘phil’}'>
    should be written like this
    Code:
    <input type="submit" name="dD" value="{‘entName’:‘phil’}">
    Mark.
    Last edited by netytan; April 1st, 2004 at 02:36 AM.
    programming language development: www.netytan.com Hula