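# Characters that are significant in HTML, mapped to their character references.
# The values are written out as entities: a mapping such as "<" -> "<" would be
# a no-op, and an unescaped quote as the last value does not parse.
#
# "&" must stay the first entry. escape_html() applies the entries in insertion
# order, and escaping "&" after the others would re-escape the "&" that begins
# "&lt;", "&gt;" and "&quot;". Leaving "&" out altogether lets input such as
# "&lt;" pass through as an already-formed entity.
#
# "'" is included so the table is also safe for single-quoted attribute values.
html_escaping = {
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    "\"": "&quot;",
    "'": "&#x27;",
}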
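def decode_url(url):
    """Decode a percent-encoded, form-style URL component into text.

    ``+`` becomes a space and each ``%XX`` escape becomes the byte it names;
    the resulting bytes are decoded as UTF-8.

    Args:
        url: The encoded component (for example a query key or value), as str.

    Returns:
        The decoded string. A malformed escape (``%`` not followed by two hex
        digits) is kept literally, and bytes that are not valid UTF-8 become
        U+FFFD, so nothing the client sent is silently dropped.
    """
    # Function-scope import keeps this block self-contained.
    from urllib.parse import unquote_plus

    # A hand-rolled loop that accumulates bytes in one buffer behind a bare
    # ``except`` has two decoding hazards: a single invalid escape such as
    # ``%FF`` stays in the buffer and makes every later escape in the value
    # disappear, and a multi-byte sequence split by literal characters is
    # reassembled out of order. Either way the decoded value differs from what
    # an upstream filter or an access log saw. The standard-library decoder
    # has neither behaviour and does not swallow unrelated exceptions.
    #
    # The result is still untrusted input: it may contain quotes, angle
    # brackets and control characters (``%00``, ``%0d%0a``), so escape it or
    # bind it as a parameter at the point of use.
    return unquote_plus(url, encoding="utf-8", errors="replace")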
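def parse_query(query):
    """Parse a URL query string into a dict of decoded keys and values.

    Args:
        query: The raw query string without the leading ``?``,
            e.g. ``"a=1&b=two+words"``.

    Returns:
        A dict mapping each decoded key to its decoded value. A pair with no
        ``=`` maps to the empty string. When a key is repeated, the last
        occurrence wins.
    """
    query_dict = {}
    for item in query.split("&"):
        # Empty segments come from "a=1&&b=2" or a trailing "&".
        if not item:
            continue
        # partition() splits on the first "=" only. Unpacking split("=")
        # raises ValueError for a bare flag ("debug") and for values that
        # contain "=" themselves (base64 padding, nested URLs), which turns
        # ordinary client input into an unhandled exception.
        key, _, value = item.partition("=")
        # Splitting happens before decoding, so an encoded "%26" or "%3D"
        # inside a value cannot introduce an extra pair.
        query_dict[decode_url(key)] = decode_url(value)

    # NOTE(review): repeated keys collapse to the last value. If a proxy or
    # filter in front of this code reads the first occurrence instead, the
    # two components disagree about the request; reject duplicates here if
    # that matters for the application.
    return query_dict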
def escape_sql_string(s):
    """Double every single quote in ``s`` for use inside a quoted SQL literal.

    Args:
        s: The text to embed between single quotes in a SQL statement.

    Returns:
        ``s`` with each ``'`` replaced by ``''``; all other characters are
        returned unchanged.

    Only the single quote is handled. Backslashes and NUL bytes pass through,
    so the result is not safe on engines or modes that treat backslash as an
    escape character inside string literals, and it gives no protection when
    the value is placed outside a quoted literal (numbers, identifiers,
    ORDER BY). Prefer the database driver's bound parameters wherever the
    call site allows it.
    """
    quote_doubler = str.maketrans({"'": "''"})
    return s.translate(quote_doubler)
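def escape_html(s):
    """Escape text for use in HTML element content or a quoted attribute.

    Args:
        s: The text to escape, typically request-derived and untrusted.

    Returns:
        ``s`` with ``&``, ``<``, ``>``, ``"`` and ``'`` replaced by character
        references.
    """
    # Function-scope import keeps this block self-contained.
    from html import escape

    # A table of only "<", ">" and '"' leaves two gaps: "&" passes through,
    # so input can carry ready-made entities into the page, and "'" passes
    # through, so a value written into a single-quoted attribute can close
    # it. html.escape() handles "&" first and, with quote=True, both quote
    # characters.
    #
    # This covers element content and quoted attribute values only. Text
    # placed in an unquoted attribute, a URL attribute, or inside <script> or
    # <style> needs escaping specific to that context.
    return escape(s, quote=True)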