Translating Python strings to HTML escape sequences

Hello.
I have a problem here, youre help is very appreciated.
I want to put data on html page and after posting it backto the server, reading it using cgi.FieldStorage() (GET).
It's all nice and easy BUT, What if the data contains ' and " ?!

I do it in the following way ( which doesn't work):
Let's say that the data to be saved on the HTML is:
{'entName':'phil'}
2. So I want the HTML to look like:
<input name =' Internal' type =' hidden'
value = ' {'entName': 'phil'}' > </input>
Do you see the problem? the GET will contain
http:balbala...?Internal={
and NOT the whole info.
3. I tried to replace ' and " with HTML escape sequences
the HTML is fine , the data that is sent back in the GET looks like:
%7B%92entName%92%3A+%92phil%92%7D
4. When I try to read it using cgi.FieldStorage() , I get
{.entName.:.phil.}
instead of ' {'entName': 'phil'}'

if you want full example. then copy the following (and view the
web server's error log file.....):

#!/usr/bin/python
import cgi

form = cgi.FieldStorage()
if form.has_key("dD"):
e = form['dD'].value
mydct = eval(str(e))
print DefsMod.HTTP_HEADER
print "<html><body>"+ mydct +"</body></html>"
else:

print DefsMod.HTTP_HEADER
print "<html><body><form name='d'"
print "<input type='submit' name='dD' value='{'entName':'phil'}'>"
print "</form></body></html>"


Thanks
Roy

Firstly, use the cgi.escape function.

From the manual:



try replacing



with



Note that I have swapped the single and double quotes, since the escape() function only escapes double quotes.

Secondly, the string returned by the cgi shows that the single quote character you are using is %92, which is not a valid ascii character - it is a ’ rather than a '. You often get this if you write your code in a word processor rather than a text editor - it will use that character to distinguish between opening and closing quotes. If you had used proper single quotes in your original example then it would have failed, since you had single quoted strings inside a single quoted string. i.e. if you had sent this to the browser:

<input ... value='{‘entName’:‘phil’}' >

it would have interpreted it as:

value = '{'
entname':'
phil'}'

which would have been a syntax error.

Dave - The Developers' Coach

Thanks Dave,
as always your solutions work perferctly,
and saving the day

I may have missed something here but just incase. It just seems like a bad idea to be escaping special chars with html entities when it would make much more sence to do it with the from encoding... If you look back at my NET module (or scan though urllib) you should be able to see how its done from scatch...hopefully this will be some help to you.

If i did totaly miss something here then just ignore me .

EDIT: You should always use double quotes inside html, well. This is the standard anyway. So...

should be writen like this


Mark.