I am sending encoded HTML to my Python AJAX handler with jQuery. Here is my jQuery code:

var animal_data = encodeURI( $('#animal-list-table').html() ); // something like this: %0A%20%20%20%20%20%20%20%20
var mydata = 'action=send_mail&animal_data=' + animal_data; // declared with var to avoid an implicit global
$.ajax({
    type: 'POST',
    url: '/customer/templates/slakteweb/ajax-handler',
    data: mydata,
    processData: false,
    success: function(result){
        console.log(result);
    }
});

In the ajax handler, I have tried like this:

import urllib
animal_data = site.param('animal_data')
animal_data_html = urllib.unquote(animal_data).decode('utf8')

But I wanted to print the HTML tags and everything so that I can send it as HTML email. What is the best way to do that?

Imrul.H

1 Answer

For POST data you don't need the encodeURI function, since POST data is not sent as part of the URI/URL. If you don't do that, you don't need to decode anything on the server side either.

It's generally a very bad idea not to validate the input you get from an untrusted source (here: the browser). Even if you think you do the whole coding on the client side, consider it unsafe. Long story short: the best and commonly used way is parsing the content as plain text, not HTML.

Hubert Grzeskowiak
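
The plain-text approach from the answer above, as an added example (not code from either poster): the handler keeps only the text of the posted table cells and generates the email's HTML itself, so no tag or attribute sent by the browser reaches the message. It uses only the Python 3 standard library; the names `CellText`, `extract_rows` and `build_mail`, the `Animal list` subject and the sample input are assumptions made for illustration.

```python
from email.message import EmailMessage
from html import escape
from html.parser import HTMLParser

SAMPLE = ('<tr><td onclick="x()">Cow<img src=x onerror=y()></td>'  # constructed input
          '<td><script>z()</script>510 &amp; up</td></tr>')


class CellText(HTMLParser):  # keeps cell text only; tags and attributes are dropped
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.rows, self._cell, self._skip = [], None, 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1  # text inside these is never cell content
        elif tag == "tr":
            self.rows.append([])
        elif tag in ("td", "th") and self.rows:
            self._cell = []

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip = max(0, self._skip - 1)
        elif tag in ("td", "th") and self._cell is not None:
            self.rows[-1].append(" ".join("".join(self._cell).split()))
            self._cell = None

    def handle_data(self, data):
        if self._cell is not None and not self._skip:
            self._cell.append(data)


def extract_rows(animal_data):
    """Untrusted markup in, rows of plain strings out."""
    parser = CellText()
    parser.feed(animal_data)
    parser.close()
    return [row for row in parser.rows if row]


def build_mail(rows, sender, recipient):
    """Build a text + HTML mail whose markup is generated here, not by the client."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, "Animal list"
    msg.set_content("\n".join("\t".join(row) for row in rows))
    cells = ("".join("<td>%s</td>" % escape(c) for c in row) for row in rows)
    table = "<table>%s</table>" % "".join("<tr>%s</tr>" % c for c in cells)
    msg.add_alternative(table, subtype="html")
    return msg
```

The sender and recipient passed to `build_mail` should come from server-side configuration or the authenticated session, not from the request body.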