
I'm programming a simple Python script that, if launched on localhost (with Apache), will generate an HTML page.

My script is this (test.py):

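    #!/usr/bin/python
    # -*- coding: utf-8 -*-
    import cgitb
    cgitb.enable()
    import cgi
    form = cgi.FieldStorage()
    print "Content-type: text/html\n\n"
    x="hello"
    y="world"
    # Read the HTML template, JavaScript included, as one format string
    f= open('my.html', 'r').read()
    # Every '{' in the template starts a replacement field for str.format
    print f.format(x=val1, y=val2)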

This opens an HTML page that has a simple JavaScript in the head element:

    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Test html</title>
    <script type="text/javascript">
    $(document).ready(function() {
        $("#select1").change(function() {
            var selectedVal = $(this).find("option:selected").val();
            $("#select2 option").removeAttr("disabled").removeAttr("selected");
            $("#select2 option").each(function() {
                if($(this).val() != selectedVal && $(this).val() != -1)
                    $(this).attr("disabled","disabled").removeAttr("selected");
            });
        });
    });
    </script>
    </head>

There is a lot of code in the body. When I run test.py it says: A problem occurred in a Python script. Here is the sequence of function calls leading up to the error, in the order they occurred.

 /Library/WebServer/CGI-Executables/test.py in ()
 181 
 182 
 184 f= open('my.html', 'r').read()
=> 185 print f.format(x=val1, y=val2)
f = '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN...\n </form>\n <hr>\n </body>\n</html>', f.format = <built-in method format of str object>, val1 = 0, val2 = '','
<type 'exceptions.KeyError'>: '\n\t\t\t $("#select1")' 
 args = ('\n\t\t\t $("#select1")',) 
 message = '\n\t\t\t $("#select1")'

But if I delete the JavaScript, Python generates the HTML without problems, but I need that script.

How can I execute the script without error?

Damon
asked Dec 8, 2013 at 18:58
  • What do you think f.format(x=val1, y=val2) does? Commented Dec 8, 2013 at 19:06
  • It assigns the string "x" to the input box "val1". The same for y and val2. The val1 and val2 are declared in the HTML body! It's only a test, but how can I execute the JavaScript? Commented Dec 8, 2013 at 19:24
  • Make sure that the JavaScript doesn't look like a broken format string, as the error is telling you. Also, you have an XSS hole. Commented Dec 8, 2013 at 19:27

1 Answer

I think the problem is that format expects anything between two French braces to be replaced by one of your format strings. In your case, then, it tries to look up

    $("#select1").change(function() {
        var selectedVal = $(this).find("option:selected").val();
        $("#select2 option").removeAttr("disabled").removeAttr("selected");
        $("#select2 option").each(function() {
            if($(this).val() != selectedVal && $(this).val() != -1)
                $(this).attr("disabled","disabled").removeAttr("selected");

as a key in the kwargs you passed. The solution, outlined here ("String format a JSON string gives KeyError"), is to use double braces. Your new HTML file should then look something like this:

    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Test html</title>
    <script type="text/javascript">
    $(document).ready(function() {{
        $("#select1").change(function() {{
            var selectedVal = $(this).find("option:selected").val();
            $("#select2 option").removeAttr("disabled").removeAttr("selected");
            $("#select2 option").each(function() {{
                if($(this).val() != selectedVal && $(this).val() != -1)
                    $(this).attr("disabled","disabled").removeAttr("selected");
            }});
        }});
    }});
    </script>
    </head>

(Note the changes from '{' to '{{' and '}' to '}}'.)

Let me know if you have any follow up questions/something didn't work.

answered Dec 8, 2013 at 20:02
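
Added example, not part of the original question or answer: the third comment above also points out an XSS hole, and brace doubling has to be repeated for every script in the template. This Python 3 sketch (the page's script is Python 2) fills only named placeholders and HTML-escapes each value; `TEMPLATE`, `naive_render`, `safe_render` and `format_fails` are hypothetical names, and the template is a constructed stand-in for my.html.

```python
import html
import re

# Constructed stand-in for my.html: jQuery braces plus {x}/{y} placeholders.
TEMPLATE = """<head>
<script type="text/javascript">
$(document).ready(function() {
  $("#select1").change(function() { /* ... */ });
});
</script>
</head>
<body>
<input name="val1" value="{x}">
<input name="val2" value="{y}">
</body>"""

PLACEHOLDER = re.compile(r"\{([A-Za-z_][A-Za-z0-9_]*)\}")


def naive_render(template, **fields):
    """What test.py does: every '{...}' in the JavaScript is parsed as a field."""
    return template.format(**fields)


def safe_render(template, **fields):
    """Fill only the named placeholders and HTML-escape each value.

    Braces that are not exactly {known_name} are left alone, so the template
    needs no '{{'/'}}' doubling. html.escape(quote=True) covers element text
    and quoted attribute values, not values placed inside <script>.
    """
    def fill(match):
        name = match.group(1)
        if name not in fields:
            return match.group(0)      # JavaScript or unknown name: keep as is
        return html.escape(str(fields[name]), quote=True)
    return PLACEHOLDER.sub(fill, template)


def format_fails(template, **fields):
    """Return True when str.format rejects the template, as in the traceback."""
    try:
        naive_render(template, **fields)
    except (KeyError, ValueError, IndexError):
        return True
    return False
```

With this approach the JavaScript in the template stays as written, and a value such as a form field echoed back into `value="..."` cannot close the attribute and start new markup.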