A critique of cgi.escape

Jon Ribbens jon+usenet at unequivocal.co.uk
Tue Sep 26 14:04:24 EDT 2006


In article <mailman.718.1159292292.10491.python-list at python.org>, Brian Quinlan wrote:
> If, in the example that I showed, the less-than character was not 
> correctly escaped, then it might not manifest itself frequently in a 
> typical application because the less-than character is seldom used in 
> English prose.

OK, but effectively what you're talking about here is testing the
'cgi.escape' function itself - said test of course being part and
parcel of the cgi package and therefore easily updatable if the
cgi.escape function changes.

> Also, assuming that single case was trivial to test without a test 
> harness, how many web pages do I have to look at to be reasonably 
> confident that *every* feature works correctly?

It depends on how many features you have! My templating system, for
example, has sections and replacements, and that's it. Replacements
can be unencoded, html-encoded or url-encoded. That's approximately
4 things to test ;-) Plus, the templating code basically never changes
so doesn't need regression testing.
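
Added example, not part of the original post and not the poster's templating code: a small renderer with the three replacement modes the message names (unencoded, html-encoded, url-encoded), plus a check that drives each mode with input containing the less-than character and both quote characters. The `{{name}}`, `{{name|raw}}` and `{{name|url}}` syntax, the `render` and `check_modes` names and the sample value are assumptions made for illustration; `html.escape` is used because `cgi.escape` was removed in Python 3.8.

```python
import html
import re
from urllib.parse import quote

# Hypothetical placeholder syntax (an assumption, not the poster's system):
#   {{name}}      html-encoded (the default)
#   {{name|raw}}  unencoded
#   {{name|url}}  url-encoded
_PLACEHOLDER = re.compile(r"\{\{(\w+)(?:\|(raw|url))?\}\}")

_ENCODERS = {
    # quote=True also escapes " and ', so the value is safe inside a
    # quoted attribute as well as in element content.
    None: lambda v: html.escape(v, quote=True),
    "raw": lambda v: v,
    # safe="" percent-encodes "/" too, so the value stays one URL component.
    "url": lambda v: quote(v, safe=""),
}


def render(template, values):
    """Substitute each placeholder using the encoder its mode selects."""
    def substitute(match):
        name, mode = match.group(1), match.group(2)
        return _ENCODERS[mode](str(values[name]))
    return _PLACEHOLDER.sub(substitute, template)


# Constructed sample: the characters that seldom appear in English prose
# and therefore seldom show up when eyeballing rendered pages.
HOSTILE = '<b title="x">Tom & Jerry\'s</b>'


def check_modes():
    """Render the same hostile value through every replacement mode."""
    return {
        "html": render("<p>{{v}}</p>", {"v": HOSTILE}),
        "attr": render('<input value="{{v}}">', {"v": HOSTILE}),
        "url": render("/search?q={{v|url}}", {"v": HOSTILE}),
        "raw": render("{{v|raw}}", {"v": HOSTILE}),
    }


if __name__ == "__main__":
    for mode, output in check_modes().items():
        print(f"{mode:5} {output}")
```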


