I'm using Python's xml.dom.minidom to create an XML document. (Logical structure -> XML string, not the other way around.)
我使用Python的xml.dom。minidom创建一个XML文档。(逻辑结构-> XML字符串,而不是相反。)
How do I make it escape the strings I provide so they won't be able to mess up the XML?
我如何使它转义我提供的字符串,使它们不会弄乱XML?
5 个解决方案
#1
10
Do you mean you do something like this:
你的意思是你做这样的事:
from xml.dom.minidom import Text, Element
t = Text()
e = Element('p')
t.data = '<bar><a/><baz spam="eggs"> & blabla &entity;</>'
e.appendChild(t)
Then you will get nicely escaped XML string:
然后您将得到很好的转义XML字符串:
>>> e.toxml()
'<p><bar><a/><baz spam="eggs"> & blabla &entity;</></p>'
#2
61
Something like this?
是这样的吗?
>>> from xml.sax.saxutils import escape
>>> escape("< & >")
'< & >'
#3
8
xml.sax.saxutils.escape only escapes &, <, and > by default, but it does provide an entities parameter to additionally escape other strings:
sax.saxutils.escape默认情况下仅转义&、 <和> ,但它确实提供了一个实体参数来额外转义其他字符串:
from xml.sax.saxutils import escape
def xmlescape(data):
return escape(data, entities={
"'": "'",
"\"": """
})
xml.sax.saxutils.escape uses str.replace() internally, so you can also skip the import and write your own function, as shown in MichealMoser's answer.
escape在内部使用string .replace(),因此您也可以跳过导入并编写自己的函数,如MichealMoser的答案所示。
#4
6
xml.sax.saxutils does not escape quotation characters (")
sax。saxutils没有转义引号字符(")
So here is another one:
这是另一个例子
def escape( str ):
str = str.replace("&", "&")
str = str.replace("<", "<")
str = str.replace(">", ">")
str = str.replace("\"", """)
return str
if you look it up then xml.sax.saxutils only does string replace
如果您查找它,那么可以查找xml.sax。saxutils只做字符串替换
#5
3
If you don't want another project import and you already have cgi, you could use this:
如果你不想再导入一个项目,而且你已经有了cgi,你可以使用以下方法:
>>> import cgi
>>> cgi.escape("< & >")
'< & >'
Note however that with this code legibility suffers - you should probably put it in a function to better describe your intention: (and write unit tests for it while you are at it ;)
但是请注意,由于这种代码易读性的问题,您可能应该将它放在一个函数中,以便更好地描述您的意图:(并在处理它时为它编写单元测试;)
def xml_escape(s):
return cgi.escape(s) # escapes "<", ">" and "&"
#1
10
Do you mean you do something like this:
你的意思是你做这样的事:
from xml.dom.minidom import Text, Element
t = Text()
e = Element('p')
t.data = '<bar><a/><baz spam="eggs"> & blabla &entity;</>'
e.appendChild(t)
Then you will get nicely escaped XML string:
然后您将得到很好的转义XML字符串:
>>> e.toxml()
'<p><bar><a/><baz spam="eggs"> & blabla &entity;</></p>'
#2
61
Something like this?
是这样的吗?
>>> from xml.sax.saxutils import escape
>>> escape("< & >")
'< & >'
#3
8
xml.sax.saxutils.escape only escapes &, <, and > by default, but it does provide an entities parameter to additionally escape other strings:
sax.saxutils.escape默认情况下仅转义&、 <和> ,但它确实提供了一个实体参数来额外转义其他字符串:
from xml.sax.saxutils import escape
def xmlescape(data):
return escape(data, entities={
"'": "'",
"\"": """
})
xml.sax.saxutils.escape uses str.replace() internally, so you can also skip the import and write your own function, as shown in MichealMoser's answer.
escape在内部使用string .replace(),因此您也可以跳过导入并编写自己的函数,如MichealMoser的答案所示。
#4
6
xml.sax.saxutils does not escape quotation characters (")
sax。saxutils没有转义引号字符(")
So here is another one:
这是另一个例子
def escape( str ):
str = str.replace("&", "&")
str = str.replace("<", "<")
str = str.replace(">", ">")
str = str.replace("\"", """)
return str
if you look it up then xml.sax.saxutils only does string replace
如果您查找它,那么可以查找xml.sax。saxutils只做字符串替换
#5
3
If you don't want another project import and you already have cgi, you could use this:
如果你不想再导入一个项目,而且你已经有了cgi,你可以使用以下方法:
>>> import cgi
>>> cgi.escape("< & >")
'< & >'
Note however that with this code legibility suffers - you should probably put it in a function to better describe your intention: (and write unit tests for it while you are at it ;)
但是请注意,由于这种代码易读性的问题,您可能应该将它放在一个函数中,以便更好地描述您的意图:(并在处理它时为它编写单元测试;)
def xml_escape(s):
return cgi.escape(s) # escapes "<", ">" and "&"