A critique of cgi.escape
Fredrik Lundh
fredrik at pythonware.com
Tue Sep 26 12:48:15 EDT 2006
Brian Quinlan wrote:
> I'd have to dig through the revision history to be sure, but I imagine
> that cgi.escape was originally only used in the cgi module (and there
> only in its various print_* functions). Then it started being used by
> other core Python modules e.g. cgitb, DocXMLRPCServer.

nah, it's an official API for simple HTML/XML escaping, and it's
perfectly usable for what it's supposed to be used for.

however, if you're doing serious web hacking, you *should* of course
work at the XHTML information set level whenever you can, where you
focus on the data you want to publish (using Unicode strings for
anything that even remotely resembles human text), and the framework
makes sure that it gets to the other side in one piece, using HTML4 or
XHTML as necessary, and escaping and encoding things properly and
efficiently on the way. it's 2006. transferring data from Python
applications to web browsers is no rocket science.

</F>
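
Added example, not part of the original message: a sketch of the "information set level" approach using the standard library's xml.etree.ElementTree, next to hand-assembled markup that escapes only &, < and > (what cgi.escape did by default). The function names and sample strings are constructed for illustration, and html.escape(quote=False) stands in for cgi.escape, which was removed in Python 3.8.

```python
import html
import xml.etree.ElementTree as ET

# Constructed sample data: markup characters plus non-ASCII text.
AUTHOR = 'Zoë "<b>" & co'
BODY = "1 < 2 & 3 > 2"


def by_hand(author, body):
    """String assembly with three-character escaping (&, <, >).

    html.escape(quote=False) is a stand-in for cgi.escape's default
    behaviour; the double quotes in `author` are left untouched, so
    the title attribute ends early.
    """
    def esc(s):
        return html.escape(s, quote=False)
    return '<p title="%s">%s</p>' % (esc(author), esc(body))


def by_tree(author, body, method="xml"):
    """Infoset level: put data on elements and let the serializer
    choose the escaping for each context (attribute vs. text) and
    encode the result. With us-ascii, non-ASCII characters become
    numeric character references.
    """
    p = ET.Element("p", {"title": author})
    p.text = body
    return ET.tostring(p, encoding="us-ascii", method=method)


def title_roundtrip(markup):
    """Parse the markup back and return the title a consumer would see."""
    return ET.fromstring(markup).get("title")


if __name__ == "__main__":
    print(by_tree(AUTHOR, BODY))                 # XHTML-style output
    print(by_tree(AUTHOR, BODY, method="html"))  # HTML-style output
    print(title_roundtrip(by_tree(AUTHOR, BODY)) == AUTHOR)
    try:
        title_roundtrip(by_hand(AUTHOR, BODY))
    except ET.ParseError as exc:
        print("hand-built markup is not well-formed:", exc)
```

The same tree serializes as HTML or XML by changing `method`, which is the "HTML4 or XHTML as necessary" part of the message.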