BUG: escaping <> in pandas HTML tables #2617

changhiskhan · changhiskhan · commit 1ae309dafcbc · 2013-01-19T20:45:32.000-05:00
diff --git a/pandas/core/common.py b/pandas/core/common.py
@@ -1304,7 +1304,7 @@ def _pprint_dict(seq, _nest_lvl=0):
     return fmt % ", ".join(pairs)
 
 
-def pprint_thing(thing, _nest_lvl=0, escape_chars=None):
+def pprint_thing(thing, _nest_lvl=0, escape_chars=None, default_escapes=False):
     """
     This function is the sanctioned way of converting objects
     to a unicode representation.
@@ -1316,8 +1316,13 @@ def pprint_thing(thing, _nest_lvl=0, escape_chars=None):
     ----------
     thing : anything to be formatted
     _nest_lvl : internal use only. pprint_thing() is mutually-recursive
-       with pprint_sequence, this argument is used to keep track of the
-       current nesting level, and limit it.
+        with pprint_sequence, this argument is used to keep track of the
+        current nesting level, and limit it.
+    escape_chars : list or dict, optional
+        Characters to escape. If a dict is passed the values are the
+        replacements
+    default_escapes : bool, default False
+        Whether the input escape characters replaces or adds to the defaults
 
     Returns
     -------
@@ -1355,7 +1360,14 @@ def pprint_thing(thing, _nest_lvl=0, escape_chars=None):
                      '\n': r'\n',
                      '\r': r'\r',
                      }
-        escape_chars = escape_chars or tuple()
+        if isinstance(escape_chars, dict):
+            if default_escapes:
+                translate.update(escape_chars)
+            else:
+                translate = escape_chars
+            escape_chars = escape_chars.keys()
+        else:
+            escape_chars = escape_chars or tuple()
         for c in escape_chars:
             result = result.replace(c, translate[c])
 
diff --git a/pandas/core/format.py b/pandas/core/format.py
@@ -486,20 +486,11 @@ def __init__(self, formatter, classes=None):
         self.frame = self.fmt.frame
         self.columns = formatter.columns
         self.elements = []
-
-        _bold_row = self.fmt.kwds.get('bold_rows', False)
-        _temp = '<strong>%s</strong>'
-
-        def _maybe_bold_row(x):
-            if _bold_row:
-                return ([_temp % y for y in x] if isinstance(x, tuple)
-                        else _temp % x)
-            else:
-                return x
-        self._maybe_bold_row = _maybe_bold_row
+        self.bold_rows = self.fmt.kwds.get('bold_rows', False)
 
     def write(self, s, indent=0):
-        self.elements.append(' ' * indent + com.pprint_thing(s))
+        rs = com.pprint_thing(s)
+        self.elements.append(' ' * indent + rs)
 
     def write_th(self, s, indent=0, tags=None):
         if (self.fmt.col_space is not None
@@ -517,11 +508,14 @@ def _write_cell(self, s, kind='td', indent=0, tags=None):
             start_tag = '<%s %s>' % (kind, tags)
         else:
             start_tag = '<%s>' % kind
+
+        esc = {'<' : r'&lt;', '>' : r'&gt;'}
+        rs = com.pprint_thing(s, escape_chars=esc)
         self.write(
-            '%s%s</%s>' % (start_tag, com.pprint_thing(s), kind), indent)
+            '%s%s</%s>' % (start_tag, rs, kind), indent)
 
     def write_tr(self, line, indent=0, indent_delta=4, header=False,
-                 align=None, tags=None):
+                 align=None, tags=None, nindex_levels=0):
         if tags is None:
             tags = {}
 
@@ -533,7 +527,7 @@ def write_tr(self, line, indent=0, indent_delta=4, header=False,
 
         for i, s in enumerate(line):
             val_tag = tags.get(i, None)
-            if header:
+            if header or (self.bold_rows and i < nindex_levels):
                 self.write_th(s, indent, tags=val_tag)
             else:
                 self.write_td(s, indent, tags=val_tag)
@@ -683,9 +677,10 @@ def _write_regular_rows(self, fmt_values, indent):
 
         for i in range(len(self.frame)):
             row = []
-            row.append(self._maybe_bold_row(index_values[i]))
+            row.append(index_values[i])
             row.extend(fmt_values[j][i] for j in range(ncols))
-            self.write_tr(row, indent, self.indent_delta, tags=None)
+            self.write_tr(row, indent, self.indent_delta, tags=None,
+                          nindex_levels=1)
 
     def _write_hierarchical_rows(self, fmt_values, indent):
         template = 'rowspan="%d" valign="top"'
@@ -706,27 +701,32 @@ def _write_hierarchical_rows(self, fmt_values, indent):
                 row = []
                 tags = {}
 
+                sparse_offset = 0
                 j = 0
                 for records, v in zip(level_lengths, idx_values[i]):
                     if i in records:
                         if records[i] > 1:
                             tags[j] = template % records[i]
                     else:
+                        sparse_offset += 1
                         continue
+
                     j += 1
-                    row.append(self._maybe_bold_row(v))
+                    row.append(v)
 
                 row.extend(fmt_values[j][i] for j in range(ncols))
-                self.write_tr(row, indent, self.indent_delta, tags=tags)
+                self.write_tr(row, indent, self.indent_delta, tags=tags,
+                              nindex_levels=len(levels) - sparse_offset)
         else:
             for i in range(len(frame)):
                 idx_values = zip(*frame.index.format(sparsify=False,
                                                      adjoin=False,
                                                      names=False))
                 row = []
-                row.extend(self._maybe_bold_row(x) for x in idx_values[i])
+                row.extend(idx_values[i])
                 row.extend(fmt_values[j][i] for j in range(ncols))
-                self.write_tr(row, indent, self.indent_delta, tags=None)
+                self.write_tr(row, indent, self.indent_delta, tags=None,
+                              nindex_levels=len(frame.index.nlevels))
 
 
 def _get_level_lengths(levels):
diff --git a/pandas/tests/test_format.py b/pandas/tests/test_format.py
@@ -249,6 +249,35 @@ def test_to_html_unicode(self):
         df = DataFrame({'A': [u'\u03c3']})
         df.to_html()
 
+    def test_to_html_escaped(self):
+        a = 'str<ing1'
+        b = 'stri>ng2'
+
+        test_dict = {'co<l1':{a:type(a), b:type(b)},'co>l2':{a:type(a), b:type(b)}}
+        rs = pd.DataFrame(test_dict).to_html()
+        xp = """<table border="1" class="dataframe">
+  <thead>
+    <tr style="text-align: right;">
+      <th></th>
+      <th>co&lt;l1</th>
+      <th>co&gt;l2</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <th>str&lt;ing1</th>
+      <td> &lt;type 'str'&gt;</td>
+      <td> &lt;type 'str'&gt;</td>
+    </tr>
+    <tr>
+      <th>stri&gt;ng2</th>
+      <td> &lt;type 'str'&gt;</td>
+      <td> &lt;type 'str'&gt;</td>
+    </tr>
+  </tbody>
+</table>"""
+        self.assertEqual(xp, rs)
+
     def test_to_html_multiindex_sparsify(self):
         index = pd.MultiIndex.from_arrays([[0, 0, 1, 1], [0, 1, 0, 1]],
                                           names=['foo', None])
@@ -273,24 +302,24 @@ def test_to_html_multiindex_sparsify(self):
   </thead>
   <tbody>
     <tr>
-      <td rowspan="2" valign="top"><strong>0</strong></td>
-      <td><strong>0</strong></td>
+      <th rowspan="2" valign="top">0</th>
+      <th>0</th>
       <td> 0</td>
       <td> 1</td>
     </tr>
     <tr>
-      <td><strong>1</strong></td>
+      <th>1</th>
       <td> 2</td>
       <td> 3</td>
     </tr>
     <tr>
-      <td rowspan="2" valign="top"><strong>1</strong></td>
-      <td><strong>0</strong></td>
+      <th rowspan="2" valign="top">1</th>
+      <th>0</th>
       <td> 4</td>
       <td> 5</td>
     </tr>
     <tr>
-      <td><strong>1</strong></td>
+      <th>1</th>
       <td> 6</td>
       <td> 7</td>
     </tr>
@@ -326,24 +355,24 @@ def test_to_html_multiindex_sparsify(self):
   </thead>
   <tbody>
     <tr>
-      <td rowspan="2" valign="top"><strong>0</strong></td>
-      <td><strong>0</strong></td>
+      <th rowspan="2" valign="top">0</th>
+      <th>0</th>
       <td> 0</td>
       <td> 1</td>
     </tr>
     <tr>
-      <td><strong>1</strong></td>
+      <th>1</th>
       <td> 2</td>
       <td> 3</td>
     </tr>
     <tr>
-      <td rowspan="2" valign="top"><strong>1</strong></td>
-      <td><strong>0</strong></td>
+      <th rowspan="2" valign="top">1</th>
+      <th>0</th>
       <td> 4</td>
       <td> 5</td>
     </tr>
     <tr>
-      <td><strong>1</strong></td>
+      <th>1</th>
       <td> 6</td>
       <td> 7</td>
     </tr>
@@ -368,22 +397,22 @@ def test_to_html_index_formatter(self):
   </thead>
   <tbody>
     <tr>
-      <td><strong>a</strong></td>
+      <th>a</th>
       <td> 0</td>
       <td> 1</td>
     </tr>
     <tr>
-      <td><strong>b</strong></td>
+      <th>b</th>
       <td> 2</td>
       <td> 3</td>
     </tr>
     <tr>
-      <td><strong>c</strong></td>
+      <th>c</th>
       <td> 4</td>
       <td> 5</td>
     </tr>
     <tr>
-      <td><strong>d</strong></td>
+      <th>d</th>
       <td> 6</td>
       <td> 7</td>
     </tr>
@@ -795,7 +824,7 @@ def test_to_html(self):
     def test_to_html_with_no_bold(self):
         x = DataFrame({'x': randn(5)})
         ashtml = x.to_html(bold_rows=False)
-        assert('<strong>' not in ashtml)
+        assert('<strong>' not in ashtml[ashtml.find('</thead>')])
 
     def test_to_html_columns_arg(self):
         result = self.frame.to_html(columns=['A'])
@@ -824,14 +853,14 @@ def test_to_html_multiindex(self):
                     '  </thead>\n'
                     '  <tbody>\n'
                     '    <tr>\n'
-                    '      <td><strong>0</strong></td>\n'
+                    '      <th>0</th>\n'
                     '      <td> a</td>\n'
                     '      <td> b</td>\n'
                     '      <td> c</td>\n'
                     '      <td> d</td>\n'
                     '    </tr>\n'
                     '    <tr>\n'
-                    '      <td><strong>1</strong></td>\n'
+                    '      <th>1</th>\n'
                     '      <td> e</td>\n'
                     '      <td> f</td>\n'
                     '      <td> g</td>\n'
@@ -866,14 +895,14 @@ def test_to_html_multiindex(self):
                     '  </thead>\n'
                     '  <tbody>\n'
                     '    <tr>\n'
-                    '      <td><strong>0</strong></td>\n'
+                    '      <th>0</th>\n'
                     '      <td> a</td>\n'
                     '      <td> b</td>\n'
                     '      <td> c</td>\n'
                     '      <td> d</td>\n'
                     '    </tr>\n'
                     '    <tr>\n'
-                    '      <td><strong>1</strong></td>\n'
+                    '      <th>1</th>\n'
                     '      <td> e</td>\n'
                     '      <td> f</td>\n'
                     '      <td> g</td>\n'
@@ -901,19 +930,19 @@ def test_to_html_justify(self):
                     '  </thead>\n'
                     '  <tbody>\n'
                     '    <tr>\n'
-                    '      <td><strong>0</strong></td>\n'
+                    '      <th>0</th>\n'
                     '      <td>     6</td>\n'
                     '      <td>     1</td>\n'
                     '      <td> 223442</td>\n'
                     '    </tr>\n'
                     '    <tr>\n'
-                    '      <td><strong>1</strong></td>\n'
+                    '      <th>1</th>\n'
                     '      <td> 30000</td>\n'
                     '      <td>     2</td>\n'
                     '      <td>      0</td>\n'
                     '    </tr>\n'
                     '    <tr>\n'
-                    '      <td><strong>2</strong></td>\n'
+                    '      <th>2</th>\n'
                     '      <td>     2</td>\n'
                     '      <td> 70000</td>\n'
                     '      <td>      1</td>\n'
@@ -935,19 +964,19 @@ def test_to_html_justify(self):
                     '  </thead>\n'
                     '  <tbody>\n'
                     '    <tr>\n'
-                    '      <td><strong>0</strong></td>\n'
+                    '      <th>0</th>\n'
                     '      <td>     6</td>\n'
                     '      <td>     1</td>\n'
                     '      <td> 223442</td>\n'
                     '    </tr>\n'
                     '    <tr>\n'
-                    '      <td><strong>1</strong></td>\n'
+                    '      <th>1</th>\n'
                     '      <td> 30000</td>\n'
                     '      <td>     2</td>\n'
                     '      <td>      0</td>\n'
                     '    </tr>\n'
                     '    <tr>\n'
-                    '      <td><strong>2</strong></td>\n'
+                    '      <th>2</th>\n'
                     '      <td>     2</td>\n'
                     '      <td> 70000</td>\n'
                     '      <td>      1</td>\n'
