Hello Chris,
thanks for your answer! But just kicking out all line breaks is a little
harsh, since in my case the description is mostly a few lines long with 2
or 3 paragraphs. And I had the problem already solved by this procedure and
the call as described in my question:
def str_replace(string, replacement_dict):
> if not isinstance(string, str):
> string = str(string)
> pattern = re.compile('|'.join([re.escape(k) for k in
> list(replacement_dict.keys())]), re.M)
> return pattern.sub(lambda x: replacement_dict[x.group(0)], string)
>
And this solution worked very well with python 2.7, having even line breaks
in link titles. Then I moved to python 3.6 and the problem was there. Thus,
I think, that the XML sanitizer under Python 3.6 is the problem, since it
can't handle
Do you have any other ideas?
Best regards
Clemens
On Wednesday, February 12, 2020 at 12:08:17 PM UTC+1, Christian Varas wrote:
>
> I had an issue with line breaks too, I remove lie breaks like this with
> python 3.7
>
> some_string = some_string.replace(“\n”, ””).replace(“\r”, ””)
>
> XML(some_string, sanitize=True)
>
> Cheers
> Chris
>
> El El mié, 12 de feb. de 2020 a la(s) 04:37, Clemens <
> [email protected] <javascript:>> escribió:
>
>> Hello!
>>
>> In my web2py app I’m processing a list of items, where the user can click
>> on a link for each item to select this. An item has an UUID, a title and a
>> description. For a better orientation the item description is also
>> displayed as link title. To prevent injections by and to escape tags in the
>> description I’m using the XML sanitizer as follows:
>>
>> A(this_item.title, \
>> callback = URL('item', 'select', \
>> vars=dict(uuid=this_item.uuid), user_signature=True), \
>> _title=XML(str_replace(this_item.description, {'\r\n':' ',
>> '<':'<', '>':'>'}), sanitize=True))
>>
>> Using Python 2.7 everything was fine. Since I have switched to Python 3.6
>> I have the following problem. When the description contains line breaks the
>> sanitizer is not working anymore. For example the following string produces
>> by my str_replace routine is fine to be sanitized by the XML helper under
>> Python 2.7 but not under Python 3.6:
>>
>> Header Line1 Line2 Line3
>>>
>>
>> Sanitizing line breaks escaped by is the problem with Python 3 (but
>> not with Python 2). Everything else is no problem for the XML helper to
>> sanitize (e.g. less than or greater than, I need these, since if there is
>> no description it is generated as <no description>).
>>
>> How can be line breaks sanitized by the XML helper running web2py under
>> Python3?
>>
>> Thanks for any support!
>>
>> Best regards Clemens
>>
>>
>> --
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "web2py-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected] <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/web2py/319d22e0-d1be-452c-8c25-d1ec76df1a5e%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/web2py/319d22e0-d1be-452c-8c25-d1ec76df1a5e%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/web2py/64244a11-0964-4e44-9b75-e9d9e8d33f83%40googlegroups.com.
