在Python中转义特殊的HTML字符

在Python 3.2中，您可以使用html.escape函数，例如：

>>> string = """ Hello "XYZ" this 'is' a test & so on """
>>> import html
>>> html.escape(string)
' Hello "XYZ" this 'is' a test & so on '

对于Python早期版本，请查看http://wiki.python.org/moin/EscapingHtml：

The cgi module that comes with Python has an escape() function:

import cgi

s = cgi.escape( """& < >""" )   # s = "&amp; &lt; &gt;"

However, it doesn't escape characters beyond &, <, and >. If it is used as cgi.escape(string_to_escape, quote=True), it also escapes ".

---

Here's a small snippet that will let you escape quotes and apostrophes as well:

 html_escape_table = {
     "&": "&",
     '"': """,
     "'": "'",
     ">": ">",
     "<": "&lt;",
     }

 def html_escape(text):
     """Produce entities within text."""
     return "".join(html_escape_table.get(c,c) for c in text)

---

You can also use escape() from xml.sax.saxutils to escape html. This function should execute faster. The unescape() function of the same module can be passed the same arguments to decode a string.

from xml.sax.saxutils import escape, unescape
# escape() and unescape() takes care of &, < and >.
html_escape_table = {
    '"': "&quot;",
    "'": "&apos;"
}
html_unescape_table = {v:k for k, v in html_escape_table.items()}

def html_escape(text):
    return escape(text, html_escape_table)

def html_unescape(text):
    return unescape(text, html_unescape_table)

cgi.escape 方法将把特殊字符转换为有效的HTML标签。

 import cgi
 original_string = 'Hello "XYZ" this \'is\' a test & so on '
 escaped_string = cgi.escape(original_string, True)
 print original_string
 print escaped_string

会导致

Hello "XYZ" this 'is' a test & so on 
Hello "XYZ" this 'is' a test & so on 

在cgi.escape中，第二个参数是可选的，用于转义引号。默认情况下，不会转义引号。

一个简单的字符串函数就可以实现这个功能：

def escape(t):
    """HTML-escape the text in `t`."""
    return (t
        .replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
        .replace("'", "&#39;").replace('"', "&quot;")
        )

这个线程中的其他答案存在一些小问题：cgi.escape方法出于某种原因忽略单引号，您需要明确要求它做双引号。链接的维基页面使用XML实体'，而不是HTML实体，可以执行所有五个操作。

这个代码函数始终使用HTML标准实体执行所有五个操作。

这里的其他答案将有助于解决您列出的字符和一些其他内容。但是，如果您还希望将其他所有内容转换为实体名称，则需要做一些其他工作。例如，如果需要将á转换为á，那么cgi.escape和html.escape都无法帮助您。您需要使用html.entities.entitydefs的类似以下代码的方法，这只是一个字典。（以下代码是针对Python 3.x制作的，但是有部分尝试使其与2.x兼容以给您一个想法）：

# -*- coding: utf-8 -*-

import sys

if sys.version_info[0]>2:
    from html.entities import entitydefs
else:
    from htmlentitydefs import entitydefs

text=";\"áèïøæỳ" #This is your string variable containing the stuff you want to convert
text=text.replace(";", "$ஸ$") #$ஸ$ is just something random the user isn't likely to have in the document. We're converting it so it doesn't convert the semi-colons in the entity name into entity names.
text=text.replace("$ஸ$", ";") #Converting semi-colons to entity names

if sys.version_info[0]>2: #Using appropriate code for each Python version.
    for k,v in entitydefs.items():
        if k not in {"semi", "amp"}:
            text=text.replace(v, "&"+k+";") #You have to add the & and ; manually.
else:
    for k,v in entitydefs.iteritems():
        if k not in {"semi", "amp"}:
            text=text.replace(v, "&"+k+";") #You have to add the & and ; manually.

#The above code doesn't cover every single entity name, although I believe it covers everything in the Latin-1 character set. So, I'm manually doing some common ones I like hereafter:
text=text.replace("ŷ", "ŷ")
text=text.replace("Ŷ", "Ŷ")
text=text.replace("ŵ", "ŵ")
text=text.replace("Ŵ", "Ŵ")
text=text.replace("ỳ", "ỳ")
text=text.replace("Ỳ", "Ỳ")
text=text.replace("ẃ", "&wacute;")
text=text.replace("Ẃ", "&Wacute;")
text=text.replace("ẁ", "ẁ")
text=text.replace("Ẁ", "Ẁ")

print(text)
#Python 3.x outputs: ;"áèïøæỳ
#The Python 2.x version outputs the wrong stuff. So, clearly you'll have to adjust the code somehow for it.