insert html into ElementTree without parsing it
Stefan Behnel
stefan_ml at behnel.de
Sat Mar 1 09:26:09 EST 2014
graeme.pietersz at gmail.com, 24.02.2014 10:45:
> I am building HTML pages using ElementTree.
> I need to insert chunks of untrusted HTML into the page. I do not need or want to parse this, just insert it at a particular point as is.
How would you want to find out if it can be safely inserted or not without
parsing it?
> The best solutions I can think of are rather ugly ones: manipulating the string created by tostring.
>
> Is there a nicer way of doing this? Is it possible, for example, to customise how an element is converted to a string representation? I am open to using something else (e.g. lxml) if necessary.
lxml has a tool to discard potentially unsafe content from HTML files:
http://lxml.de/lxmlhtml.html#cleaning-up-html
Stefan
More information about the Python-list
mailing list