# python – Turn a string into a valid filename?

## The Question :

317 people think this question is useful

I have a string that I want to use as a filename, so I want to remove all characters that wouldn’t be allowed in filenames, using Python.

I’d rather be strict than otherwise, so let’s say I want to retain only letters, digits, and a small set of other characters like "_-.() ". What’s the most elegant solution?

The filename needs to be valid on multiple operating systems (Windows, Linux and Mac OS) – it’s an MP3 file in my library with the song title as the filename, and is shared and backed up between 3 machines.

• Shouldn’t this be built into the os.path module?
• Perhaps, although her use case would require a single path that’s safe across all platforms, not just the current one, which is something os.path isn’t designed to handle.
• To expand on the above comment: the current design of os.path actually loads a different library depending on the os (see the second note in the documentation). So if a quoting function was implemented in os.path it could only quote the string for POSIX-safety when running on a POSIX system or for windows-safety when running on windows. The resulting filename would not necessarily be valid across both windows and POSIX, which is what the question asks for.

182 people think this answer is useful

You can look at the Django framework for how they create a “slug” from arbitrary text. A slug is URL- and filename- friendly.

The Django text utils define a function, slugify(), that’s probably the gold standard for this kind of thing. Essentially, their code is the following.

import unicodedata
import re

def slugify(value, allow_unicode=False):
"""
Taken from https://github.com/django/django/blob/master/django/utils/text.py
Convert to ASCII if 'allow_unicode' is False. Convert spaces or repeated
dashes to single dashes. Remove characters that aren't alphanumerics,
underscores, or hyphens. Convert to lowercase. Also strip leading and
trailing whitespace, dashes, and underscores.
"""
value = str(value)
if allow_unicode:
value = unicodedata.normalize('NFKC', value)
else:
value = unicodedata.normalize('NFKD', value).encode('ascii', 'ignore').decode('ascii')
value = re.sub(r'[^\w\s-]', '', value.lower())
return re.sub(r'[-\s]+', '-', value).strip('-_')



And the older version:

def slugify(value):
"""
Normalizes string, converts to lowercase, removes non-alpha characters,
and converts spaces to hyphens.
"""
import unicodedata
value = unicodedata.normalize('NFKD', value).encode('ascii', 'ignore')
value = unicode(re.sub('[^\w\s-]', '', value).strip().lower())
value = unicode(re.sub('[-\s]+', '-', value))
# ...
return value



There’s more, but I left it out, since it doesn’t address slugification, but escaping.

115 people think this answer is useful

You can use list comprehension together with the string methods.

>>> s
'foo-bar#baz?qux@127/\\9]'
>>> "".join(x for x in s if x.isalnum())
'foobarbazqux1279'



108 people think this answer is useful

This whitelist approach (ie, allowing only the chars present in valid_chars) will work if there aren’t limits on the formatting of the files or combination of valid chars that are illegal (like “..”), for example, what you say would allow a filename named ” . txt” which I think is not valid on Windows. As this is the most simple approach I’d try to remove whitespace from the valid_chars and prepend a known valid string in case of error, any other approach will have to know about what is allowed where to cope with Windows file naming limitations and thus be a lot more complex.

>>> import string
>>> valid_chars = "-_.() %s%s" % (string.ascii_letters, string.digits)
>>> valid_chars
'-_.() abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
>>> filename = "This Is a (valid) - filename%$&amp;$ .txt"
>>> ''.join(c for c in filename if c in valid_chars)
'This Is a (valid) - filename .txt'



97 people think this answer is useful

What is the reason to use the strings as file names? If human readability is not a factor I would go with base64 module which can produce file system safe strings. It won’t be readable but you won’t have to deal with collisions and it is reversible.

import base64
file_name_string = base64.urlsafe_b64encode(your_string)



Update: Changed based on Matthew comment.

41 people think this answer is useful

Just to further complicate things, you are not guaranteed to get a valid filename just by removing invalid characters. Since allowed characters differ on different filenames, a conservative approach could end up turning a valid name into an invalid one. You may want to add special handling for the cases where:

• The string is all invalid characters (leaving you with an empty string)

• You end up with a string with a special meaning, eg “.” or “..”

• On windows, certain device names are reserved. For instance, you can’t create a file named “nul”, “nul.txt” (or nul.anything in fact) The reserved names are:

CON, PRN, AUX, NUL, COM1, COM2, COM3, COM4, COM5, COM6, COM7, COM8, COM9, LPT1, LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, and LPT9

You can probably work around these issues by prepending some string to the filenames that can never result in one of these cases, and stripping invalid characters.

28 people think this answer is useful

There is a nice project on Github called python-slugify:

Install:

pip install python-slugify



Then use:

>>> from slugify import slugify
>>> txt = "This\ is/ a%#$test ---" >>> slugify(txt) 'this-is-a-test'  ## The Answer 7 26 people think this answer is useful Just like S.Lott answered, you can look at the Django Framework for how they convert a string to a valid filename. The most recent and updated version is found in utils/text.py, and defines “get_valid_filename”, which is as follows: def get_valid_filename(s): s = str(s).strip().replace(' ', '_') return re.sub(r'(?u)[^-\w.]', '', s)  ## The Answer 8 21 people think this answer is useful This is the solution I ultimately used: import unicodedata validFilenameChars = "-_.() %s%s" % (string.ascii_letters, string.digits) def removeDisallowedFilenameChars(filename): cleanedFilename = unicodedata.normalize('NFKD', filename).encode('ASCII', 'ignore') return ''.join(c for c in cleanedFilename if c in validFilenameChars)  The unicodedata.normalize call replaces accented characters with the unaccented equivalent, which is better than simply stripping them out. After that all disallowed characters are removed. My solution doesn’t prepend a known string to avoid possible disallowed filenames, because I know they can’t occur given my particular filename format. A more general solution would need to do so. ## The Answer 9 14 people think this answer is useful Keep in mind, there are actually no restrictions on filenames on Unix systems other than • It may not contain \0 • It may not contain / Everything else is fair game. $ touch "
> even multiline
> haha
> ^[[31m red ^[[0m
> evil"
$ls -la -rw-r--r-- 0 Nov 17 23:39 ?even multiline?haha??[31m red ?[0m?evil$ ls -lab
-rw-r--r--       0 Nov 17 23:39 \neven\ multiline\nhaha\n\033[31m\ red\ \033[0m\nevil
$perl -e 'for my$i ( glob(q{./*even*}) ){ print $i; } ' ./ even multiline haha red evil  Yes, i just stored ANSI Colour Codes in a file name and had them take effect. For entertainment, put a BEL character in a directory name and watch the fun that ensues when you CD into it 😉 ## The Answer 10 12 people think this answer is useful In one line: valid_file_name = re.sub('[^\w_.)( -]', '', any_string)  you can also put ‘_’ character to make it more readable (in case of replacing slashs, for example) ## The Answer 11 7 people think this answer is useful You could use the re.sub() method to replace anything not “filelike”. But in effect, every character could be valid; so there are no prebuilt functions (I believe), to get it done. import re str = "File!name?.txt" f = open(os.path.join("/tmp", re.sub('[^-a-zA-Z0-9_.() ]+', '', str))  Would result in a filehandle to /tmp/filename.txt. ## The Answer 12 7 people think this answer is useful >>> import string >>> safechars = bytearray(('_-.()' + string.digits + string.ascii_letters).encode()) >>> allchars = bytearray(range(0x100)) >>> deletechars = bytearray(set(allchars) - set(safechars)) >>> filename = u'#ab\xa0c.$%.txt'
>>> safe_filename = filename.encode('ascii', 'ignore').translate(None, deletechars).decode()
>>> safe_filename
'abc..txt'



It doesn’t handle empty strings, special filenames (‘nul’, ‘con’, etc).

6 people think this answer is useful

Another issue that the other comments haven’t addressed yet is the empty string, which is obviously not a valid filename. You can also end up with an empty string from stripping too many characters.

What with the Windows reserved filenames and issues with dots, the safest answer to the question “how do I normalise a valid filename from arbitrary user input?” is “don’t even bother try”: if you can find any other way to avoid it (eg. using integer primary keys from a database as filenames), do that.

If you must, and you really need to allow spaces and ‘.’ for file extensions as part of the name, try something like:

import re
badchars= re.compile(r'[^A-Za-z0-9_. ]+|^\.|\.$|^ |$|^$') badnames= re.compile(r'(aux|com[1-9]|con|lpt[1-9]|prn)(\.|$)')

def makeName(s):
name= '_'+name
return name



Even this can’t be guaranteed right especially on unexpected OSs — for example RISC OS hates spaces and uses ‘.’ as a directory separator.

6 people think this answer is useful

Though you have to be careful. It is not clearly said in your intro, if you are looking only at latine language. Some words can become meaningless or another meaning if you sanitize them with ascii characters only.

imagine you have “forêt poésie” (forest poetry), your sanitization might give “fort-posie” (strong + something meaningless)

Worse if you have to deal with chinese characters.

“下北沢” your system might end up doing “—” which is doomed to fail after a while and not very helpful. So if you deal with only files I would encourage to either call them a generic chain that you control or to keep the characters as it is. For URIs, about the same.

6 people think this answer is useful

Why not just wrap the “osopen” with a try/except and let the underlying OS sort out whether the file is valid?

This seems like much less work and is valid no matter which OS you use.

5 people think this answer is useful

I realise there are many answers but they mostly rely on regular expressions or external modules, so I’d like to throw in my own answer. A pure python function, no external module needed, no regular expression used. My approach is not to clean invalid chars, but to only allow valid ones.

def normalizefilename(fn):
validchars = "-_.() "
out = ""
for c in fn:
if str.isalpha(c) or str.isdigit(c) or (c in validchars):
out += c
else:
out += "_"
return out



if you like, you can add your own valid chars to the validchars variable at the beginning, such as your national letters that don’t exist in English alphabet. This is something you may or may not want: some file systems that don’t run on UTF-8 might still have problems with non-ASCII chars.

This function is to test for a single file name validity, so it will replace path separators with _ considering them invalid chars. If you want to add that, it is trivial to modify the if to include os path separator.

4 people think this answer is useful

I liked the python-slugify approach here but it was stripping dots also away which was not desired. So I optimized it for uploading a clean filename to s3 this way:

pip install python-slugify



Example code:

s = 'Very / Unsafe / file\nname hähä \n\r .txt'
clean_basename = slugify(os.path.splitext(s)[0])
clean_extension = slugify(os.path.splitext(s)[1][1:])
if clean_extension:
clean_filename = '{}.{}'.format(clean_basename, clean_extension)
elif clean_basename:
clean_filename = clean_basename
else:
clean_filename = 'none' # only unclean characters



Output:

>>> clean_filename
'very-unsafe-file-name-haha.txt'



This is so failsafe, it works with filenames without extension and it even works for only unsafe characters file names (result is none here).

3 people think this answer is useful

import string
import unicodedata

validFilenameChars = "-_.() %s%s" % (string.ascii_letters, string.digits)
def removeDisallowedFilenameChars(filename):
cleanedFilename = unicodedata.normalize('NFKD', filename).encode('ASCII', 'ignore')
return ''.join(chr(c) for c in cleanedFilename if chr(c) in validFilenameChars)



3 people think this answer is useful

If you don’t mind installing a package, this should be useful: https://pypi.org/project/pathvalidate/

from pathvalidate import sanitize_filename

fname = "fi:l*e/p\"a?t>h|.t<xt"
print(f"{fname} -> {sanitize_filename(fname)}\n")
fname = "\0_a*b:c<d>e%f/(g)h+i_0.txt"
print(f"{fname} -> {sanitize_filename(fname)}\n")



### Output

fi:l*e/p"a?t>h|.t<xt -> filepath.txt
_a*b:c<d>e%f/(g)h+i_0.txt -> _abcde%f(g)h+i_0.txt



1 people think this answer is useful

Most of these solutions don’t work.

‘/hello/world’ -> ‘helloworld’

‘/helloworld’/ -> ‘helloworld’

This isn’t what you want generally, say you are saving the html for each link, you’re going to overwrite the html for a different webpage.

I pickle a dict such as:

{'helloworld':
(
{'/hello/world': 'helloworld', '/helloworld/': 'helloworld1'},
2)
}



2 represents the number that should be appended to the next filename.

I look up the filename each time from the dict. If it’s not there, I create a new one, appending the max number if needed.

1 people think this answer is useful

Not exactly what OP was asking for but this is what I use because I need unique and reversible conversions:

# p3 code
def safePath (url):
return ''.join(map(lambda ch: chr(ch) if ch in safePath.chars else '%%%02x' % ch, url.encode('utf-8')))
safePath.chars = set(map(lambda x: ord(x), '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+-_ .'))



Result is “somewhat” readable, at least from a sysadmin point of view.

0 people think this answer is useful

I’m sure this isn’t a great answer, since it modifies the string it’s looping over, but it seems to work alright:

import string
for chr in your_string:
if chr == ' ':
your_string = your_string.replace(' ', '_')
elif chr not in string.ascii_letters or chr not in string.digits:
your_string = your_string.replace(chr, '')



0 people think this answer is useful

UPDATE

Also, I also wouldn’t do it this way anymore, just base64 encode or drop unsafe chars. Python 3 example:

import re
t = re.compile("[a-zA-Z0-9.,_-]")
safe = [ch for ch in unsafe if t.match(ch)]
# => 'abc'



With base64 you can encode and decode, so you can retrieve the original filename again.

But depending on the use case you might be better off generating a random filename and storing the metadata in separate file or DB.

from random import choice
from string import ascii_lowercase, ascii_uppercase, digits
allowed_chr = ascii_lowercase + ascii_uppercase + digits

safe = ''.join([choice(allowed_chr) for _ in range(16)])
# => 'CYQ4JDKE9JfcRzAZ'



The bobcat project contains a python module that does just this.

It’s not completely robust, see this post and this reply.

So, as noted: base64 encoding is probably a better idea if readability doesn’t matter.

0 people think this answer is useful

Here, this should cover all the bases. It handles all types of issues for you, including (but not limited too) character substitution.

Works in Windows, *nix, and almost every other file system. Allows printable characters only.

def txt2filename(txt, chr_set='normal'):
"""Converts txt to a valid Windows/*nix filename with printable characters only.

args:
txt: The str to convert.
chr_set: 'normal', 'universal', or 'inclusive'.
'universal':    ' -.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
'normal':       Every printable character exept those disallowed on Windows/*nix.
'extended':     All 'normal' characters plus the extended character ASCII codes 128-255
"""

FILLER = '-'

# Step 1: Remove excluded characters.
if chr_set == 'universal':
# Lookups in a set are O(n) vs O(n * x) for a str.
printables = set(' -.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz')
else:
if chr_set == 'normal':
max_chr = 127
elif chr_set == 'extended':
max_chr = 256
else:
raise ValueError(f'The chr_set argument may be normal, extended or universal; not {chr_set=}')
EXCLUDED_CHRS = set(r'<>:"/\|?*')               # Illegal characters in Windows filenames.
EXCLUDED_CHRS.update(chr(127))                  # DEL (non-printable).
printables = set(chr(x)
for x in range(32, max_chr)
if chr(x) not in EXCLUDED_CHRS)
result = ''.join(x if x in printables else FILLER   # Allow printable characters only.
for x in txt)

# Step 2: Device names, '.', and '..' are invalid filenames in Windows.
DEVICE_NAMES = 'CON,PRN,AUX,NUL,COM1,COM2,COM3,COM4,' \
'COM5,COM6,COM7,COM8,COM9,LPT1,LPT2,' \
'LPT3,LPT4,LPT5,LPT6,LPT7,LPT8,LPT9,' \
'CONIN$,CONOUT$,..,.'.split()        # This list is an O(n) operation.
if result in DEVICE_NAMES:
result = f'-{result}-'

# Step 3: Maximum length of filename is 255 bytes in Windows and Linux (other *nix flavors may allow longer names).
result = result[:255]

# Step 4: Windows does not allow filenames to end with '.' or ' ' or begin with ' '.
result = re.sub(r'^[. ]', FILLER, result)
result = re.sub(r' \$', FILLER, result)

return result



This solution needs no external libraries. It substitutes non-printable filenames too because they are not always simple to deal with.