Python Input Sanitization

Question 1

Python Input Sanitization

python forms validation input sanitization

notorious.no · Aug 17, 2015 · Viewed 21.7k times · Source

Answer

Answer

You can use cgi.escape()

import cgi
inlist = '<>'
transform = cgi.escape(inlist)
print transform

Output:

&lt;&gt;

https://docs.python.org/2/library/cgi.html#cgi.escape

cgi.escape(s[, quote]) Convert the characters '&', '<' and '>' in string s to HTML-safe sequences. Use this if you need to display text that might contain such characters in HTML. If the optional flag quote is true, the quotation mark character (") is also translated; this helps for inclusion in an HTML attribute value delimited by double quotes, as in . Note that single quotes are never translated.

Question 2

I need to do some very quick-n-dirty input sanitizing and I would like to basically convert all <, > to <, >.

I'd like to achieve the same results as '<script></script>'.replace('<', '<').replace('>', '>') without having to iterate the string multiple times. I know about maketrans in conjunction with str.translate (ie. http://www.tutorialspoint.com/python/string_translate.htm) but this only converts from 1 char to another char. In other words, one cannot do something like:

inList = '<>'
outList = ['&lt;', '&gt;']
transform = maketrans(inList, outList)

Is there a builtin function that can do this conversion in a single iteration?

I'd like to use builtin capabilities as opposed to external modules. I already know about Bleach.

Python Input Sanitization

Answer

Related questions