0

I am prompting a user for input, but I have no idea how to include it in a python mail. This is the message field:

message = """\ 
Subject: Info
{input} """

The input is supposed to be where I put {input}, how do I implement it?

mkrieger1
  • 19,194
  • 5
  • 54
  • 65
okok1
  • 15
  • 6
  • Use a f-string? `input = 'abc' ; message = f'''xxx{input}xxx'''` – mozway Jan 27 '22 at 08:51
  • For security reasons, make sure you clean (escape) the string before to insert it in your email. Otherwise your user could do XSS injection, or other attacks. – vinalti Jan 27 '22 at 09:20

2 Answers2

0

You can use the f-string formatting method, introduced with Python 3.6.

message = f"""\ 
Subject: Info
{input()} """
mkrieger1
  • 19,194
  • 5
  • 54
  • 65
FLAK-ZOSO
  • 3,873
  • 4
  • 8
  • 28
0

You can use an fstring since python 3.6 (just put a f before the """), but don't forget to escape the content of the input for security reasons. Here is an example with the html module, available since python 3.2 :

import html
# ...
message = f"""
Subject: Info
{html.escape(input)}
"""

Otherwise the old way is to use .format():

import html
# ...
message = f"""
Subject: Info
{}
""".format(html.escape(input))

if you are below version 3.2, then you can escape the input manually:

 text.replace('&', '&').replace('>', '>'
    ).replace('<','&lt;').replace('\'','&#39;'
    ).replace('"','&#34;').encode('ascii', 'xmlcharrefreplace')

But except if you have heavy restrictions on python version, you should be using a recent version of python 3.

you can check your python version with python --version and/or python3 --version

vinalti
  • 966
  • 5
  • 26