错误的HTML代码生成码

2024-06-17 10:59:38 发布

您现在位置:Python中文网/ 问答频道 /正文
8815 3

你知道吗输入:-你知道吗

   CRlist
  [['CR', 'FA', 'CL', 'TITLE'], ['409452', 'WLAN', '656885', 'Age out RSSI values from buffer in Beacon miss scenario'], ['379104', 'BT', '656928', 'CR379104: BT doesn\xe2\x80\x99t work that Riva neither sends HCI Evt for HID ACL data nor response to HCI_INQUIRY after entering into pseudo sniff subrating mode.']]

我有下面的pythong代码来生成HTML代码,但是它生成了一个不期望的输出,我在数组值之前弹了弹,在这里似乎有正确的数据,但是使用.format有什么事搞砸了…有人能指出哪里不对吗?你知道吗

for i in range(len(CRlist)):
    if i==0:
        continue
    for j in range(len(CRlist[0])):
        print "i"
        print i
        print "j"
        print j
        print "CRlist[i][j]"
        print CRlist[i][j]//right data here
        CRstring += """
        <tr>
        <td><a href="{CR}">{CR}</a></td>
        <td>{FA}</td>
        <td>{CL}</td>
        <td>{Title}</td>
        </tr>""".format(
            CR=CRlist[i][j],
            FA=CRlist[i][j],
            CL=CRlist[i][j],
            Title=CRlist[i][j],
            )
CRstring += "\n</table>\n"

我对输出的期望值,但创建得不正确

   <tr>
   <td><a href="409452">409452</a></td>
   <td>WLAN</td>
   <td>656885</td>
   <td>Age out RSSI values from buffer in Beacon miss scenario</td>
   </tr>
    ..............

实际输出,因为行单元格数据是冗余的

                   <tr>
                   <td><a href="409452">409452</a></td>
                   <td>409452</td>
                   <td>409452</td>
                   <td>409452</td>
                   </tr>
                   <tr>
                   <td><a href="WLAN">WLAN</a></td>
                   <td>WLAN</td>
                   <td>WLAN</td>
                   <td>WLAN</td>
                   </tr>
                   <tr>
                   <td><a href="656885">656885</a></td>
                   <td>656885</td>
                   <td>656885</td>
                   <td>656885</td>
                   </tr>
                   <tr>
                   <td><a href="Age out RSSI values from buffer in Beacon miss scenario">Age out RSSI values from buffer in Beacon miss scenario</a></td>
                   <td>Age out RSSI values from buffer in Beacon miss scenario</td>
                   <td>Age out RSSI values from buffer in Beacon miss scenario</td>
                   <td>Age out RSSI values from buffer in Beacon miss scenario</td>
                   </tr>
                   <tr>
                   <td><a href="379104">379104</a></td>
                   <td>379104</td>
                   <td>379104</td>
                   <td>379104</td>
                   </tr>
                   <tr>
                   <td><a href="BT">BT</a></td>
                   <td>BT</td>
                   <td>BT</td>
                   <td>BT</td>
                   </tr>
                   <tr>
                   <td><a href="656928">656928</a></td>
                   <td>656928</td>
                   <td>656928</td>
                   <td>656928</td>
                   </tr>
                   <tr>
                   <td><a href="CR379104: BT doesnΓÇÖt work that Riva neither sends HCI Evt for HID ACL data nor response to HCI_INQUIRY after entering into pseudo sniff subrating mode.">CR379104: BT doesnΓÇÖt work that Riva neither sends HCI Evt for HID ACL data nor response to HCI_INQUIRY after entering into pseudo sniff subrating mode.</a></td>
                   <td>CR379104: BT doesnΓÇÖt work that Riva neither sends HCI Evt for HID ACL data nor response to HCI_INQUIRY after entering into pseudo sniff subrating mode.</td>
                   <td>CR379104: BT doesnΓÇÖt work that Riva neither sends HCI Evt for HID ACL data nor response to HCI_INQUIRY after entering into pseudo sniff subrating mode.</td>
                   <td>CR379104: BT doesnΓÇÖt work that Riva neither sends HCI Evt for HID ACL data nor response to HCI_INQUIRY after entering into pseudo sniff subrating mode.</td>
                   </tr>
/table>

==========PLlist===========


Tags: infromforagebufferouttrtd
1条回答
网友
1楼 · 发布于 2024-06-17 10:59:38

此代码为每个模板变量提供相同的值:

CR=CRlist[i][j],
FA=CRlist[i][j],
CL=CRlist[i][j],
Title=CRlist[i][j],

显然,这并不是你想要的。下面是另一种写作方式:

TEMPLATE = """
    <tr>
    <td><a href="{CR}">{CR}</a></td>
    <td>{FA}</td>
    <td>{CL}</td>
    <td>{Title}</td>
    </tr>
"""

for i, item in enumerate(CRlist):
    if i == 0:
        continue

    CRstring += TEMPLATE.format(
        CR=item[0],
        FA=item[1],
        CL=item[2],
        Title=item[3],
    )

CRstring += "\n</table>\n"

您甚至可以通过切片列表来删除ienumerate位:

for item in CRList[1:]:
    CRstring += # ...

由于您正在生成HTML,并且正在使用用户输入(至少我认为是这样),并且没有转义HTML,因此您就有了XSS漏洞。我们也来解决这个问题:

# near the top of the file:
import cgi

# later...
# ...
CRstring += TEMPLATE.format(
    CR=cgi.escape(item[0]),
    FA=cgi.escape(item[1]),
    # ...
)

进一步改进

这很好,但正如有人在评论中指出的那样,使用真正的模板引擎可能会更好。我个人喜欢Jinja2。以下是您的做法:

    {%- for item in cr_list[1:] %}
        <tr>
            <td><a href="{{ item[0] | escape }}">{{ item[0] | escape }}</a></td>
            <td>{{ item[1] | escape }}</td>
            <td>{{ item[2] | escape }}</td>
            <td>{{ item[3] | escape }}</td>
        </tr>
    {%- endfor %}
</table>

此外,您可能希望将数据放入对象中。例如:

class CREntry(object):
    def __init__(self, cr, fa, cl, title):
        self.cr = cr
        self.fa = fa
        self.cl = cl
        self.title = title

然后你可以很简单地转换它:

entries = [CREntry(*entry) for entry in CRlist[1:]]

这样您的代码就变得更加清晰,能够引用entry.title而不是item[3]。你知道吗

您可能还希望使用PEP 8中概述的常规Python约定。你知道吗

如果您已经完成了,那么您的代码如下所示:

import jinja2

env = jinja2.Environment(autoescape=True)  # no more | escape everywhere!

template = env.from_string(r"""
        {%- for entry in entries %}
            <tr>
                <td><a href="{{ entry.cr }}">{{ entry.cr }}</a></td>
                <td>{{ entry.fa }}</td>
                <td>{{ entry.cl }}</td>
                <td>{{ entry.title }}</td>
            </tr>
        {%- endfor %}
    </table>
""")

class CREntry(object):
    # ...

# later...
entries = [CREntry(*entry) for entry in cr_list]
cr_string = template.render(entries=entries)

其他地方的代码要多一点,但实际生成HTML时要少一点,而且我想说,它的可维护性要高很多。你知道吗

相关问题 更多 >

    编程相关推荐