A critique of cgi.escape

Lawrence D'Oliveiro ldo at geek-central.gen.new_zealand
Tue Sep 26 21:45:20 EDT 2006

Previous message (by thread): A critique of cgi.escape
Next message (by thread): A critique of cgi.escape
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In message <mailman.674.1159276196.10491.python-list at python.org>, Fredrik
Lundh wrote:

> most HTML attributes cannot even contain things that would need
> to be escaped ...

sys.stdout.write \
  (
        "Email: <INPUT TYPE=\"TEXT\" NAME=\"email_address\" VALUE=\"%s\">\n"
    %
        QuoteHTML(WhateverTheUserPreviouslyTyped)
  )

Previous message (by thread): A critique of cgi.escape
Next message (by thread): A critique of cgi.escape
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-list mailing list