i have a <img src=__string__>
but string might contain ", what should I do to escape it?
Example:
__string__ = test".jpg
<img src="test".jpg">
doesn't work.
i have a <img src=__string__>
but string might contain ", what should I do to escape it?
Example:
__string__ = test".jpg
<img src="test".jpg">
doesn't work.
The best way to escape XML or HTML in python is probably with triple quotes. Note that you can also escape carriage returns.
"""<foo bar="1" baz="2" bat="3">
<ack/>
</foo>
"""
If the URL you're using (as an img
src here) might contain quotes, you should use URL quoting.
For python, use the urllib.quote method before passing the URL string to your template:
img_url = 'test".jpg'
__string__ = urllib.quote(img_url)
import cgi
s = cgi.escape('test".jpg', True)
http://docs.python.org/library/cgi.html#cgi.escape
Note that the True
flag tells it to escape double quotes. If you need to escape single quotes as well (if you're one of those rare individuals who use single quotes to surround html attributes) read the note in that documentation link about xml.sax.saxutils.quoteattr(). The latter does both kinds of quotes, though it is about three times as slow:
>>> timeit.Timer( "escape('asdf\"asef', True)", "from cgi import escape").timeit()
1.2772219181060791
>>> timeit.Timer( "quoteattr('asdf\"asef')", "from xml.sax.saxutils import quoteattr").timeit()
3.9785079956054688
If your value being escaped might contain quotes, the best thing is to use the quoteattr
method: http://docs.python.org/library/xml.sax.utils.html#module-xml.sax.saxutils
This is referenced right beneath the docs on the cgi.escape() method.