graeme.piete...@gmail.com, 24.02.2014 10:45: > I am building HTML pages using ElementTree. > I need to insert chunks of untrusted HTML into the page. I do not need or > want to parse this, just insert it at a particular point as is.
How would you want to find out if it can be safely inserted or not without parsing it? > The best solutions I can think of are rather ugly ones: manipulating the > string created by tostring. > > Is there a nicer way of doing this? Is it possible, for example, to customise > how an element is converted to a string representation? I am open to using > something else (e.g. lxml) if necessary. lxml has a tool to discard potentially unsafe content from HTML files: http://lxml.de/lxmlhtml.html#cleaning-up-html Stefan -- https://mail.python.org/mailman/listinfo/python-list