



Escape

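Prevent XSS attacks by escaping untrusted text with `html.escape` before it is placed in HTML. This escaping covers HTML element text and quoted attribute values; text placed inside a script block, a URL or an unquoted attribute needs encoding suited to that context.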
 
"""XSS
Prevent cross-site scripting attacks.
Escape html tags with html library.
"""
import html

# Sample inputs: every character html.escape() rewrites, then a script-tag
# payload of the kind that must never reach a page unescaped.
s1 = """& < " ' >"""
s2 = "<script>alert('hack');</script>"

# html.escape() replaces &, < and >, and with its default quote=True also
# " and '. That makes the result safe as HTML element text or inside a
# quoted attribute value; it is not an encoder for JavaScript, CSS or URLs.
o1, o2 = html.escape(s1), html.escape(s2)

# Expected output:
#   &amp; &lt; &quot; &#x27; &gt;
#   &lt;script&gt;alert(&#x27;hack&#x27;);&lt;/script&gt;
print(o1, o2, sep="\n")

# Pin the escaped forms so a change in escaping behaviour is noticed.
assert (o1, o2) == (
    '&amp; &lt; &quot; &#x27; &gt;',
    '&lt;script&gt;alert(&#x27;hack&#x27;);&lt;/script&gt;',
)

print("pass")

XML

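The `escape` function from `xml.sax.saxutils` should execute faster. By default it escapes only `&`, `<` and `>`, not quote characters, so use `quoteattr` for attribute values.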
 
"""XSS 
Prevent cross-site scripting attacks.
Escape xml tags.
"""
from xml.sax.saxutils import escape
from xml.sax.saxutils import quoteattr

# Sample inputs: markup characters for escape(), and a value containing a
# single quote for quoteattr().
s1 = '< & >'
s2 = "a ' b"

# escape() rewrites only &, < and > unless extra entities are passed in, so
# quote characters pass through unchanged: use it for element text only.
o1 = escape(s1)

# quoteattr() returns the value already wrapped in quotes, ready to be used
# as an attribute value; here the single quote is kept and double quotes
# are used as the delimiter.
o2 = quoteattr(s2)

# Expected output:
#   &lt; &amp; &gt;
#   "a ' b"
print(o1, o2, sep="\n")

# Pin both results so a change in escaping behaviour is noticed.
assert (o1, o2) == ('&lt; &amp; &gt;', '"a \' b"')

print('pass')
