A critique of cgi.escape

Lawrence D'Oliveiro ldo at geek-central.gen.new_zealand
Thu Sep 28 01:14:36 EDT 2006


In message <mailman.849.1159413324.10491.python-list at python.org>, Stuart
Bishop wrote:

> People also use that function to escape non-HTML too - if they are using
> it as documented, and it produces the correct results for them, great.
> Note that the documentation doesn't say that input has to be HTML, nor
> that output must be used as HTML.

It says that the input is converted to "HTML-safe sequences".

> It just describes the transformation 
> that it does clearly and unambiguously and can quite happily be used for
> generating quoted text for use in, say, XML documents.

And all those character entity references are also valid in XML.

> Also, because Python has a 
> conservative policy on backwards incompatible changes, you are protected
> from some wanker going and changing the HTML safe mappings arbitrarily,
> say using numerical entity references instead of >, < and &.

Why would that be wrong? It would still be consistent with the
documentation.
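
An added example, not part of the original post or of Python's own code: it escapes a constructed sample string twice, once with the named references the quoted text mentions and once with numeric references, then parses both results with the standard library's HTML and XML parsers to check that each recovers the same text. The helper names and the sample string are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

# Two mappings for the same three characters: named vs numeric references.
NAMED = {"&": "&amp;", "<": "&lt;", ">": "&gt;"}
NUMERIC = {"&": "&#38;", "<": "&#60;", ">": "&#62;"}

SAMPLE = 'if a < b && b > c: print("<b>x</b> &amp; y")'  # constructed input

def escape_with(table, text):
    """Escape in a single pass so an inserted '&' is never escaped twice."""
    return "".join(table.get(ch, ch) for ch in text)

class _TextCollector(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks = []

    def handle_data(self, data):
        self.chunks.append(data)

def text_seen_by_html_parser(escaped):
    parser = _TextCollector()
    parser.feed("<p>" + escaped + "</p>")
    parser.close()
    return "".join(parser.chunks)

def text_seen_by_xml_parser(escaped):
    # Raises ParseError if the escaped text is not well-formed XML content.
    return ET.fromstring("<p>" + escaped + "</p>").text

def round_trips(text):
    """Return {style: (escaped, text per HTML parser, text per XML parser)}."""
    results = {}
    for style, table in (("named", NAMED), ("numeric", NUMERIC)):
        escaped = escape_with(table, text)
        results[style] = (escaped, text_seen_by_html_parser(escaped),
                          text_seen_by_xml_parser(escaped))
    return results

if __name__ == "__main__":
    for style, (escaped, html_text, xml_text) in round_trips(SAMPLE).items():
        print(style, escaped, html_text == SAMPLE, xml_text == SAMPLE)
```

Code that compares escaped output as strings will see the two styles as different; code that parses the output sees the same text either way.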



