If you are using a web framework and a template engine like Jinja2 there is a chance that the template engine or the framework has something built in just for that.

如果你正在使用一个 web 框架和一个像 Jinja2 这样的模板引擎，那么模板引擎或框架有可能为此内置了一些东西。

There is something in the cgi module that can help you:

cgi 模块中有一些东西可以帮助你：

cgi.escape('malicious code here'), see: http://docs.python.org/library/cgi.html#cgi.escape

cgi.escape('malicious code here')，见：http: //docs.python.org/library/cgi.html#cgi.escape

Also Jinja2 provides escaping:

Jinja2 还提供转义：

from jinja2 import utils
str(utils.escape('malicious code here'))

You can easily code XSS-defense in Python, see for example http://code.activestate.com/recipes/496942/for an instructive and usable piece of code.

您可以轻松地在 Python 中编写 XSS 防御，例如，请参阅http://code.activestate.com/recipes/496942/以获取有指导意义且可用的代码段。

The Strip-o-Gramlibrary looks quite nice. I haven't checked it out properly, but it looks like it does things well (i.e. can whitelist HTML tags you specify, as well as HTML-escaping anything nasty).

该地带邻革兰氏图书馆看起来相当不错。我没有正确检查它，但看起来它做得很好（即可以将您指定的 HTML 标签列入白名单，以及对任何讨厌的东西进行 HTML 转义）。

Here's the example usage snippet, quoted from that page:

这是从该页面引用的示例用法片段：

  from stripogram import html2text, html2safehtml
  mylumpofdodgyhtml # a lump of dodgy html ;-)
  # Only allow <b>, <a>, <i>, <br>, and <p> tags
  mylumpofcoolcleancollectedhtml = html2safehtml(mylumpofdodgyhtml,valid_tags=("b", "a", "i", "br", "p"))
  # Don't process <img> tags, just strip them out. Use an indent of 4 spaces 
  # and a page that's 80 characters wide.
  mylumpoftext = html2text(mylumpofcoolcleancollectedhtml,ignore_tags=("img",),indent_width=4,page_width=80)

Hope that helps.

希望有帮助。