The Shed is going Social! Join us on FaceBook and Twitter and chime in on the conversation.
|
 |
|
Dev Shed Forums
> Programming Languages
> Python Programming
|
Translating Python strings to HTML escape sequences
Discuss Translating Python strings to HTML escape sequences in the Python Programming forum on Dev Shed. Translating Python strings to HTML escape sequences Python Programming forum discussing coding techniques, tips and tricks, and Zope related information. Python was designed from the ground up to be a completely object-oriented programming language.
|
|
 |
|
|
|
|

Dev Shed Forums Sponsor:
|
|
|

March 30th, 2004, 07:55 PM
|
|
Contributing User
|
|
Join Date: Feb 2004
Posts: 71
 
Time spent in forums: 1 h 20 m 49 sec
Reputation Power: 10
|
|
Translating Python strings to HTML escape sequences
Hello.
I have a problem here, youre help is very appreciated.
I want to put data on html page and after posting it backto the server, reading it using cgi.FieldStorage() (GET).
It's all nice and easy BUT, What if the data contains ' and " ?!
I do it in the following way ( which doesn't work):
Let's say that the data to be saved on the HTML is:
{'entName':'phil'}
2. So I want the HTML to look like:
<input name =' Internal' type =' hidden'
value = ' {'entName': 'phil'}' > </input>
Do you see the problem? the GET will contain
http:balbala...?Internal={
and NOT the whole info.
3. I tried to replace ' and " with HTML escape sequences
the HTML is fine , the data that is sent back in the GET looks like:
%7B%92entName%92%3A+%92phil%92%7D
4. When I try to read it using cgi.FieldStorage() , I get
{.entName.:.phil.}
instead of ' {'entName': 'phil'}'
if you want full example. then copy the following (and view the
web server's error log file.....):
#!/usr/bin/python
import cgi
form = cgi.FieldStorage()
if form.has_key("dD"):
e = form['dD'].value
mydct = eval(str(e))
print DefsMod.HTTP_HEADER
print "<html><body>"+ mydct +"</body></html>"
else:
print DefsMod.HTTP_HEADER
print "<html><body><form name='d'"
print "<input type='submit' name='dD' value='{'entName':'phil'}'>"
print "</form></body></html>"
Thanks
Roy
Last edited by roypython : March 31st, 2004 at 02:07 AM.
|

March 31st, 2004, 02:21 AM
|
|
Contributing User
|
|
Join Date: Feb 2004
Location: London, England
|
|
Firstly, use the cgi.escape function.
From the manual:
Quote: escape( s[, quote])
Convert the characters "&", "<" and ">" in string s to HTML-safe sequences. Use this if you need to display text that might contain such characters in HTML. If the optional flag quote is true, the double-quote character (""") is also translated; this helps for inclusion in an HTML attribute value, as in <A HREF="...">. If the value to be quoted might include single- or double-quote characters, or both, consider using the quoteattr() function in the xml.sax.saxutils module instead. |
try replacing
Code:
print "<input type='submit' name='dD' value='{‘entName’:‘phil’}'>"
with
Code:
print '<input type="submit" name="dD" value="%s">' % cgi.escape('{"entName":"phil"}', 1)
Note that I have swapped the single and double quotes, since the escape() function only escapes double quotes.
Secondly, the string returned by the cgi shows that the single quote character you are using is %92, which is not a valid ascii character - it is a ’ rather than a '. You often get this if you write your code in a word processor rather than a text editor - it will use that character to distinguish between opening and closing quotes. If you had used proper single quotes in your original example then it would have failed, since you had single quoted strings inside a single quoted string. i.e. if you had sent this to the browser:
<input ... value='{‘entName’:‘phil’}' >
it would have interpreted it as:
value = '{'
entname':'
phil'}'
which would have been a syntax error.
Dave - The Developers' Coach
|

March 31st, 2004, 03:39 PM
|
|
Contributing User
|
|
Join Date: Feb 2004
Posts: 71
 
Time spent in forums: 1 h 20 m 49 sec
Reputation Power: 10
|
|
|
Thanks
Thanks Dave,
as always your solutions work perferctly,
and saving the day 
|

April 1st, 2004, 02:28 AM
|
 |
Hello World :)
|
|
Join Date: Mar 2003
Location: Hull, UK
|
|
I may have missed something here but just incase. It just seems like a bad idea to be escaping special chars with html entities when it would make much more sence to do it with the from encoding... If you look back at my NET module (or scan though urllib) you should be able to see how its done from scatch...hopefully this will be some help to you.
If i did totaly miss something here then just ignore me  .
EDIT: You should always use double quotes inside html, well. This is the standard anyway. So...
Code:
<input type='submit' name='dD' value='{‘entName’:‘phil’}'>
should be writen like this
Code:
<input type="submit" name="dD" value="{‘entName’:‘phil’}">
Mark.
__________________
programming language development: www.netytan.com – Hula
Last edited by netytan : April 1st, 2004 at 02:36 AM.
|
Developer Shed Advertisers and Affiliates
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
Rate This Thread |
Linear Mode
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|