tornado.escape
— Escaping and string manipulation¶
Escaping/unescaping methods for HTML, JSON, URLs, and others.
Also includes a few other miscellaneous string manipulation functions that have crept in over time.
Escaping functions¶
-
tornado.escape.
xhtml_escape
(value)[source]¶ Escapes a string so it is valid within HTML or XML.
Escapes the characters
<
,>
,"
,'
, and&
. When used in attribute values the escaped strings must be enclosed in quotes.Changed in version 3.2: Added the single quote to the list of escaped characters.
-
tornado.escape.
url_escape
(value, plus=True)[source]¶ Returns a URL-encoded version of the given value.
If
plus
is true (the default), spaces will be represented as “+” instead of “%20”. This is appropriate for query strings but not for the path component of a URL. Note that this default is the reverse of Python’s urllib module.New in version 3.1: The
plus
argument
-
tornado.escape.
url_unescape
(value, encoding='utf-8', plus=True)[source]¶ Decodes the given value from a URL.
The argument may be either a byte or unicode string.
If encoding is None, the result will be a byte string. Otherwise, the result is a unicode string in the specified encoding.
If
plus
is true (the default), plus signs will be interpreted as spaces (literal plus signs must be represented as “%2B”). This is appropriate for query strings and form-encoded values but not for the path component of a URL. Note that this default is the reverse of Python’s urllib module.New in version 3.1: The
plus
argument
Byte/unicode conversions¶
These functions are used extensively within Tornado itself, but should not be directly needed by most applications. Note that much of the complexity of these functions comes from the fact that Tornado supports both Python 2 and Python 3.
-
tornado.escape.
utf8
(value)[source]¶ Converts a string argument to a byte string.
If the argument is already a byte string or None, it is returned unchanged. Otherwise it must be a unicode string and is encoded as utf8.
-
tornado.escape.
to_unicode
(value)[source]¶ Converts a string argument to a unicode string.
If the argument is already a unicode string or None, it is returned unchanged. Otherwise it must be a byte string and is decoded as utf8.
-
tornado.escape.
native_str
()¶ Converts a byte or unicode string into type
str
. Equivalent toutf8
on Python 2 andto_unicode
on Python 3.
-
tornado.escape.
to_basestring
(value)[source]¶ Converts a string argument to a subclass of basestring.
In python2, byte and unicode strings are mostly interchangeable, so functions that deal with a user-supplied argument in combination with ascii string constants can use either and should return the type the user supplied. In python3, the two types are not interchangeable, so this method is needed to convert byte strings to unicode.
Miscellaneous functions¶
-
tornado.escape.
linkify
(text, shorten=False, extra_params='', require_protocol=False, permitted_protocols=['http', 'https'])[source]¶ Converts plain text into HTML with links.
For example:
linkify("Hello http://tornadoweb.org!")
would returnHello <a href="http://tornadoweb.org">http://tornadoweb.org</a>!
Parameters:
shorten
: Long urls will be shortened for display.extra_params
: Extra text to include in the link tag, or a callabletaking the link as an argument and returning the extra text e.g.
linkify(text, extra_params='rel="nofollow" class="external"')
, or:def extra_params_cb(url): if url.startswith("http://example.com"): return 'class="internal"' else: return 'class="external" rel="nofollow"' linkify(text, extra_params=extra_params_cb)
require_protocol
: Only linkify urls which include a protocol. Ifthis is False, urls such as www.facebook.com will also be linkified.
permitted_protocols
: List (or set) of protocols which should belinkified, e.g.
linkify(text, permitted_protocols=["http", "ftp", "mailto"])
. It is very unsafe to include protocols such asjavascript
.