问题
I want to use XPath variables to match a user-defined tag and avoid XPath injection vulnerabilities. I have tried
from lxml import etree
etree.fromstring('<div><p>Hello</p></div>').xpath('.//$var', var='p')
but I get
XPathEvalError: Invalid expression
What am I doing wrong?
回答1:
You cannot use a variable as the node test part of a location step in an expression. It has to be a literal name. But you can use a wildcard and a predicate. The following works:
etree.fromstring('<div><p>Hello</p></div>').xpath('.//*[local-name() = $var]', var='p')
来源:https://stackoverflow.com/questions/42783305/xpath-variables-in-lxml