ansaurus

Question

How to properly escape output (for XHTML) in mako?

Answer 1

+1 A:

It is not necessary to convert Unicode characters to the &#xxxx; form to work in HTML unless you're deliberately using the ASCII charset. It's simpler and more efficient to escape named entities, then encode the whole string to UTF-8 and write it out like that. You should probably declare the encoding being used in the HTTP headers or in a <meta> tag.

EDIT:

It seems to validate if I use the file offline. Could this be a Content-Type problem?

Yes. You can either use HTTP headers to enforce a UTF-8 charset or specify it in the HTML directly via a meta tag:

<meta http-equiv="Content-Type" content="application/xhtml+xml;charset=utf-8" />

Max Shawabkeh 2010-01-24 03:40:11

I wish it was that simple, but it's not. I *am* using UTF-8 and it won't validate.

Draemon 2010-01-24 03:58:49

Validates fine as XHTML Strict. HTML 4 does have problems with it though. Do you need it to be non-X HTML?

Max Shawabkeh 2010-01-24 04:05:46

It's XHTML Strict, UTF-8 and is detected as such correctly by the online and offline w3c validators. But the online validator tells me "You have used an illegal character in your text. HTML uses the standard UNICODE Consortium character repertoire"

Draemon 2010-01-24 04:40:16

I could not reproduce it. Using validate-by-upload validates fine for a file that has a `\u0092` (`\xC2\x92` in UTF-8) character in the middle of its body.

Max Shawabkeh 2010-01-24 04:46:48

still fails. I'm having to use a local copy of the w3c validator (v0.7.4) to test the live internal dev site (which is serving it as plain/html in the headers for some reason). If I can find a way to change the headers I will, otherwise at least I know it will validate once it's actually live.

Draemon 2010-01-24 05:02:13

nope. Changing the headers worked (it's now being served as application/xhtml) but still fails. I guess it's a validator bug.

Draemon 2010-01-24 05:07:29

Answer 2

A:

Validation issues aside, it's useful to be able to remove these characters (which don't display reliably anyway) without necessarily escaping anything else. To this end I added the following function to `lib/helpers.py':

__sgml_invalid = re.compile(r'[\x82-\x8c\x91-\x9c\x9f]', re.UNICODE)

def sgmlsafe(text):
    lookup = {
        130:"&#8218;",    #Single Low-9 Quotation Mark
        131: "&#402;",    #Latin Small Letter F With Hook
        132:"&#8222;",    #Double Low-9 Quotation Mark
        133:"&#8230;",    #Horizontal Ellipsis
        134:"&#8224;",    #Dagger
        135:"&#8225;",    #Double Dagger
        136: "&#710;",    #Modifier Letter Circumflex Accent
        137:"&#8240;",    #Per Mille Sign
        138: "&#352;",    #Latin Capital Letter S With Caron
        139:"&#8249;",    #Single Left-Pointing Angle Quotation Mark
        140: "&#338;",    #Latin Capital Ligature OE
        145:"&#8216;",    #Left Single Quotation Mark
        146:"&#8217;",    #Right Single Quotation Mark
        147:"&#8220;",    #Left Double Quotation Mark
        148:"&#8221;",    #Right Double Quotation Mark
        149:"&#8226;",    #Bullet
        150:"&#8211;",    #En Dash
        151:"&#8212;",    #Em Dash
        152: "&#732;",    #Small Tilde
        153:"&#8482;",    #Trade Mark Sign
        154: "&#353;",    #Latin Small Letter S With Caron
        155:"&#8250;",    #Single Right-Pointing Angle Quotation Mark
        156: "&#339;",    #Latin Small Ligature OE
        159: "&#376;"     #Latin Capital Letter Y With Diaeresis
        }

    return __sgml_invalid.sub(lambda x: lookup[ord(x.group())], text)

And you can make this available as a filter by editing environment.py:

config['pylons.app_globals'].mako_lookup = TemplateLookup(
    ...
    imports=[....,'from appname.lib.helpers import sgmlsafe',...]

It should then be available to your templates:

${c.content|n,sgmlsafe}

Draemon 2010-01-24 05:17:11

ansaurus

tags:

views:

answers:

How to properly escape output (for XHTML) in mako?

related questions