Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #66973 > unrolled thread

insert html into ElementTree without parsing it

Back to article view | Back to comp.lang.python

Contents

  insert html into ElementTree without parsing it graeme.pietersz@gmail.com - 2014-02-24 01:45 -0800
    Re: insert html into ElementTree without parsing it Stefan Behnel <stefan_ml@behnel.de> - 2014-03-01 15:26 +0100

#66973 — insert html into ElementTree without parsing it

I am building HTML pages using ElementTree.

I need to insert chunks of untrusted HTML into the page. I do not need or want to parse this, just insert it at a particular point as is.

The best solutions I can think of are rather ugly ones: manipulating the string created by tostring.

Is there a nicer way of doing this? Is it possible, for example, to customise how an element is converted to a string representation? I am open to using something else (e.g. lxml) if necessary.

[toc] | [next] | [standalone]

#67315

graeme.pietersz@gmail.com, 24.02.2014 10:45:
> I am building HTML pages using ElementTree.
> I need to insert chunks of untrusted HTML into the page. I do not need or want to parse this, just insert it at a particular point as is.

How would you want to find out if it can be safely inserted or not without
parsing it?


> The best solutions I can think of are rather ugly ones: manipulating the string created by tostring.
> 
> Is there a nicer way of doing this? Is it possible, for example, to customise how an element is converted to a string representation? I am open to using something else (e.g. lxml) if necessary.

lxml has a tool to discard potentially unsafe content from HTML files:

http://lxml.de/lxmlhtml.html#cleaning-up-html

Stefan

[toc] | [prev] | [standalone]

Back to top | Article view | comp.lang.python

csiph-web