Hello friends, we often need to parse and remove the script tags in saved data to prevent cross-site scripting, more commonly known as XSS. For that we need to write a regular expression and use it to make the script tag invalid. That is no longer the case with Python. Let's see how in this article.
HTML escape and unescape in Python
html.escape and html.unescape are two functions in Python's html module. These built-in functions are used to invalidate the script tag: escape converts the markup characters to HTML entities, and unescape converts them back.
A hacker can insert JavaScript script tags, along with the client-side code he wants to execute, into your web site and steal information. If we do not handle the URL parameters or the display of text fields in the website, we could be in serious trouble.
The Python programming language provides a very simple and less complicated way to handle script tags.
We just have to use the html library. This library has two functions, named escape and unescape, which can do the job for you. Below is the code sample to invalidate a script tag.
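import html as h

# Untrusted text that will be displayed on the page.
input = ""
# The second argument is quote; False leaves " and ' unescaped.
changedInput = h.escape(input, False)
print("Escaped: " + changedInput)
# unescape converts the entities back to the original characters.
output = h.unescape(changedInput)
print("Unchanged: " + output)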
The output of the above code is shown in the figure below:
It is as simple as that. No extra code to write a regular expression and to replace the script tag with some other character to make it invalid. It's very simple and easy.
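The following is an added example, not code from the original article. It renders escaped input into element content and into an attribute, then uses html.parser to check which tags and attributes a parser actually sees. It shows that the quote=False argument used above is only suitable for element content. The helper names (TagAudit, audit, render_text, render_attr, demo) and the sample inputs are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

class TagAudit(HTMLParser):
    """Records the tags and attribute names the parser actually sees."""
    def __init__(self):
        super().__init__()
        self.tags, self.attrs = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.extend(name for name, _ in attrs)

def audit(markup):
    """Return (tags, attribute names) found in a rendered HTML fragment."""
    parser = TagAudit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.attrs

def render_text(value, quote=True):
    # Untrusted value placed between tags (element content).
    return "<p>" + html.escape(value, quote) + "</p>"

def render_attr(value, quote=True):
    # Untrusted value placed inside a double-quoted attribute.
    return '<input value="' + html.escape(value, quote) + '">'

# Constructed sample inputs, not taken from the article.
SCRIPT_INPUT = "<script>alert(1)</script>"
ATTR_INPUT = '" onmouseover="alert(1)'

def demo():
    escaped = html.escape(SCRIPT_INPUT)
    return {
        "raw_text": audit("<p>" + SCRIPT_INPUT + "</p>"),
        "escaped_text": audit(render_text(SCRIPT_INPUT, quote=False)),
        # Unescaping before rendering brings the script tag back.
        "unescaped_text": audit("<p>" + html.unescape(escaped) + "</p>"),
        # quote=False leaves the double quote alone, so the attribute closes early.
        "attr_quote_false": audit(render_attr(ATTR_INPUT, quote=False)),
        "attr_quote_true": audit(render_attr(ATTR_INPUT, quote=True)),
    }

if __name__ == "__main__":
    for name, (tags, attrs) in demo().items():
        print(f"{name:17} tags={tags} attrs={attrs}")
```

For values that end up inside an attribute, call escape with its default quote=True, and apply unescape only to data that will not be written back into a page.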
Conclusion:
Python is a very easy programming language, and it provides a lot of libraries to make the job simple. In this article I have shown you an example of one such library: the html library.