1

Is there a way to escape all quotes and double quotes in a string?

For example if I have a string like this:

Hi my name is 'Shelby"

Is there a way to preprocess this to escape that string?

EDIT:

Maybe that wasn't the best approach to the problem. So here's what I'm actually trying to do, I have a tool that analyzes swf files, (namely swftools -> swfdump) But sometimes, some malicious swf files will contain html tags, and I'm outputting these results to a page. So is there a way to sanitize these html tags in python?

Sample of string:

 (    3 bytes) action: Push Lookup16:443 ("title_txt")
 (    0 bytes) action: GetMember
 (    6 bytes) action: Push Lookup16:444 ("htmlText") Lookup16:445 ("Please check your Log In info.")
 (    0 bytes) action: SetMember
 (   14 bytes) action: Push int:2 int:1 register:1 Lookup:30 ("login_mc")

For the part that says Please check your log info it's supposed to say: font color = '#ff0000'

Improve this question
5
  • What did you try that didn't work? Commented Jul 18, 2012 at 19:03
  • What are you escaping from? HTML? URL's? Javascript? SQL? Something else? Commented Jul 18, 2012 at 19:04
  • I'm just trying to process some data, and if I by chance feed in a string that contains both double and single quotes, python cuts it then and there. So I was curious if there's a way to escape the quotes, not manually. Commented Jul 18, 2012 at 19:12
  • 1
    Perhaps this is because I'm not familiar with swf files, but what you have in your updated post is one single string, and you are trying to locate and print out all of the strings enclosed in double quotes? Commented Jul 18, 2012 at 19:29
  • @Levon I'm just trying to find a way to sanitize html in such way that I can print the raw html code to the page instead of letting the browser interpret the html as html. Commented Jul 18, 2012 at 20:20

3 Answers 3

Reset to default
4

If you're just going for HTML sanitizing, you can try this:

This is probably the easiest approach if you want to add more escape types:

def escape(htmlstring):
    escapes = {'\"': '"',
               '\'': ''',
               '<': '&lt;',
               '>': '&gt;'}
    # This is done first to prevent escaping other escapes.
    htmlstring = htmlstring.replace('&', '&amp;')
    for seq, esc in escapes.iteritems():
        htmlstring = htmlstring.replace(seq, esc)
    return htmlstring

This replaces every instance of &, ', ", <, and > with their correct HTML escape codes.

More information on HTML escaping:

Wikipedia HTML Page

Every Escape imaginable

Happy Escaping!

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

I think that the current approach is to use the html module.

import html
html.escape('Hi my name is \'Shelby\"')
Out: 'Hi my name is &#x27;Shelby&quot;'
Improve this answer

Comments

0

If you use a templating like Jinja or Genshi, they will do that for you already. All text which is embedded into the page will be properly escaped unless you explicitly tell it not to. When building web-pages, it might anyway be a good idea to use a templating-engine.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.