
code generating incorrect HTML code

Input:

   CRlist
  [['CR', 'FA', 'CL', 'TITLE'], ['409452', 'WLAN', '656885', 'Age out RSSI values from buffer in Beacon miss scenario'], ['379104', 'BT', '656928', 'CR379104: BT doesn\xe2\x80\x99t work that Riva neither sends HCI Evt for HID ACL data nor response to HCI_INQUIRY after entering into pseudo sniff subrating mode.']]

I have the following Python code to generate HTML code, but it's generating an output which I am not expecting. I print the array values before, which seem to have the right data here, but while using .format something is getting messed up. Can anyone point out what is wrong here?

for i in range(len(CRlist)):
    if i==0:
        continue
    for j in range(len(CRlist[0])):
        print "i"
        print i
        print "j"
        print j
        print "CRlist[i][j]"
        print CRlist[i][j]  # right data here
        CRstring += """
        <tr>
        <td><a href="{CR}">{CR}</a></td>
        <td>{FA}</td>
        <td>{CL}</td>
        <td>{Title}</td>
        </tr>""".format(
            CR=CRlist[i][j],
            FA=CRlist[i][j],
            CL=CRlist[i][j],
            Title=CRlist[i][j],
            )
CRstring += "\n</table>\n"

My expectation of output, but it is getting created incorrectly:

   <tr>
   <td><a href="409452">409452</a></td>
   <td>WLAN</td>
   <td>656885</td>
   <td>Age out RSSI values from buffer in Beacon miss scenario</td>
   </tr>
    ..............

Actual output, as you can see the row cell data is redundant:

                   <tr>
                   <td><a href="409452">409452</a></td>
                   <td>409452</td>
                   <td>409452</td>
                   <td>409452</td>
                   </tr>
                   <tr>
                   <td><a href="WLAN">WLAN</a></td>
                   <td>WLAN</td>
                   <td>WLAN</td>
                   <td>WLAN</td>
                   </tr>
                   <tr>
                   <td><a href="656885">656885</a></td>
                   <td>656885</td>
                   <td>656885</td>
                   <td>656885</td>
                   </tr>
                   <tr>
                   <td><a href="Age out RSSI values from buffer in Beacon miss scenario">Age out RSSI values from buffer in Beacon miss scenario</a></td>
                   <td>Age out RSSI values from buffer in Beacon miss scenario</td>
                   <td>Age out RSSI values from buffer in Beacon miss scenario</td>
                   <td>Age out RSSI values from buffer in Beacon miss scenario</td>
                   </tr>
                   <tr>
                   <td><a href="379104">379104</a></td>
                   <td>379104</td>
                   <td>379104</td>
                   <td>379104</td>
                   </tr>
                   <tr>
                   <td><a href="BT">BT</a></td>
                   <td>BT</td>
                   <td>BT</td>
                   <td>BT</td>
                   </tr>
                   <tr>
                   <td><a href="656928">656928</a></td>
                   <td>656928</td>
                   <td>656928</td>
                   <td>656928</td>
                   </tr>
                   <tr>
                   <td><a href="CR379104: BT doesnΓÇÖt work that Riva neither sends HCI Evt for HID ACL data nor response to HCI_INQUIRY after entering into pseudo sniff subrating mode.">CR379104: BT doesnΓÇÖt work that Riva neither sends HCI Evt for HID ACL data nor response to HCI_INQUIRY after entering into pseudo sniff subrating mode.</a></td>
                   <td>CR379104: BT doesnΓÇÖt work that Riva neither sends HCI Evt for HID ACL data nor response to HCI_INQUIRY after entering into pseudo sniff subrating mode.</td>
                   <td>CR379104: BT doesnΓÇÖt work that Riva neither sends HCI Evt for HID ACL data nor response to HCI_INQUIRY after entering into pseudo sniff subrating mode.</td>
                   <td>CR379104: BT doesnΓÇÖt work that Riva neither sends HCI Evt for HID ACL data nor response to HCI_INQUIRY after entering into pseudo sniff subrating mode.</td>
                   </tr>
</table>

=========PLlist==========

This code supplies the same value to each template variable:

CR=CRlist[i][j],
FA=CRlist[i][j],
CL=CRlist[i][j],
Title=CRlist[i][j],

Obviously, that does not work as you intended. Here's another way of writing it:

TEMPLATE = """
    <tr>
    <td><a href="{CR}">{CR}</a></td>
    <td>{FA}</td>
    <td>{CL}</td>
    <td>{Title}</td>
    </tr>
"""

for i, item in enumerate(CRlist):
    if i == 0:
        continue

    CRstring += TEMPLATE.format(
        CR=item[0],
        FA=item[1],
        CL=item[2],
        Title=item[3],
    )

CRstring += "\n</table>\n"

You could even remove the i and enumerate bits by slicing the list:

for item in CRlist[1:]:
    CRstring += TEMPLATE.format(
        CR=item[0], FA=item[1], CL=item[2], Title=item[3],
    )

Since you're generating HTML and are using user input (I assume, at least) and aren't escaping the HTML, you've got an XSS vulnerability. Let's fix that, too:

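# near the top of the file:
# (cgi.escape was removed in Python 3.8; html.escape is the Python 3 replacement)
import cgi

# later...
# ...
CRstring += TEMPLATE.format(
    # quote=True also escapes '"', which is required inside the href attribute
    CR=cgi.escape(item[0], quote=True),
    FA=cgi.escape(item[1]),
    CL=cgi.escape(item[2]),
    Title=cgi.escape(item[3]),
)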

Further improvements

That's all well and fine, but as someone pointed out in the comments, you may be better off using a real template engine. I like Jinja2, personally. Here's how you'd do that:

    {%- for item in cr_list[1:] %}
        <tr>
            <td><a href="{{ item[0] | escape }}">{{ item[0] | escape }}</a></td>
            <td>{{ item[1] | escape }}</td>
            <td>{{ item[2] | escape }}</td>
            <td>{{ item[3] | escape }}</td>
        </tr>
    {%- endfor %}
</table>

Furthermore, you may want to put your data into objects. For example:

class CREntry(object):
    def __init__(self, cr, fa, cl, title):
        self.cr = cr
        self.fa = fa
        self.cl = cl
        self.title = title

Then you can convert it quite simply:

entries = [CREntry(*entry) for entry in CRlist[1:]]

Then your code becomes much more clear, being able to reference entry.title rather than item[3].

You may also want to use the normal Python conventions as outlined in PEP 8.

If you've got that done, your code looks like this:

import jinja2

env = jinja2.Environment(autoescape=True)  # no more | escape everywhere!

template = env.from_string(r"""
        {%- for entry in entries %}
            <tr>
                <td><a href="{{ entry.cr }}">{{ entry.cr }}</a></td>
                <td>{{ entry.fa }}</td>
                <td>{{ entry.cl }}</td>
                <td>{{ entry.title }}</td>
            </tr>
        {%- endfor %}
    </table>
""")

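class CREntry(object):
    def __init__(self, cr, fa, cl, title):
        self.cr = cr
        self.fa = fa
        self.cl = cl
        self.title = title

# later...
entries = [CREntry(*entry) for entry in cr_list[1:]]  # skip the header row
cr_string = template.render(entries=entries)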

A little more code elsewhere, but less when you're actually generating the HTML, and I'd say it's much more maintainable.
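Added example (not part of the original question or answer): the row rendering above in Python 3 with `html.escape`, going one step beyond the answer by also rejecting non-web URL schemes in the `href`, which HTML escaping alone does not stop. The names `safe_href`, `render_rows` and `ALLOWED_SCHEMES` are hypothetical, and the two hostile rows are constructed test data.

```python
import html
from urllib.parse import urlsplit

ROW = """<tr>
<td><a href="{href}">{cr}</a></td>
<td>{fa}</td>
<td>{cl}</td>
<td>{title}</td>
</tr>
"""

ALLOWED_SCHEMES = {"http", "https"}  # assumption: CR links are web links


def safe_href(value):
    """Return an attribute-safe href, or '#' when the scheme is not allowed."""
    # Browsers drop control characters (tab, CR, LF) and surrounding spaces
    # before parsing a URL, so remove them before looking at the scheme.
    cleaned = "".join(ch for ch in value if ch >= " ").strip()
    try:
        scheme = urlsplit(cleaned).scheme.lower()
    except ValueError:
        return "#"
    if scheme and scheme not in ALLOWED_SCHEMES:
        return "#"
    # quote=True escapes '"' and "'" so the value cannot close the attribute.
    return html.escape(cleaned, quote=True)


def render_rows(cr_list):
    """Render every row after the header, escaping each cell for HTML."""
    rows = []
    for cr, fa, cl, title in cr_list[1:]:
        cells = {"cr": cr, "fa": fa, "cl": cl, "title": title}
        safe = {name: html.escape(text) for name, text in cells.items()}
        rows.append(ROW.format(href=safe_href(cr), **safe))
    return "".join(rows)


# Constructed sample: first data row from the question plus two hostile rows.
CR_LIST = [
    ["CR", "FA", "CL", "TITLE"],
    ["409452", "WLAN", "656885", "Age out RSSI values from buffer in Beacon miss scenario"],
    ['" onmouseover="alert(1)', "BT", "1", "<script>alert(1)</script>"],
    ["javascript:alert(1)", "BT", "2", "scheme is rejected"],
]

if __name__ == "__main__":
    print(render_rows(CR_LIST))
```

Jinja2's `autoescape=True` covers the escaping half of this; the scheme check on the `href` still has to be done by the application.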
