pythonformsvalidationinputsanitization

Python Input Sanitization


I need to do some very quick-n-dirty input sanitizing and I would like to basically convert all <, > to &lt;, &gt;.

I'd like to achieve the same results as '<script></script>'.replace('<', '&lt;').replace('>', '&gt;') without having to iterate the string multiple times. I know about maketrans in conjunction with str.translate (ie. http://www.tutorialspoint.com/python/string_translate.htm) but this only converts from 1 char to another char. In other words, one cannot do something like:

inList = '<>'
outList = ['&lt;', '&gt;']
transform = maketrans(inList, outList)

Is there a builtin function that can do this conversion in a single iteration?

I'd like to use builtin capabilities as opposed to external modules. I already know about Bleach.


Solution

  • Use html.escape() - cgi.escape() is deprecated in Python 3.

    import html
    input = '<>&'
    output = html.escape(input)
    print(output)
    
    &lt;&gt;&amp;