A critique of cgi.escape
Lawrence D'Oliveiro
ldo at geek-central.gen.new_zealand
Tue Sep 26 20:35:23 EDT 2006
In message <Xns984ABA8B57753castleamber at 130.133.1.4>, John Bokma wrote:
> Brian Quinlan <brian at sweetapp.com> wrote:
>
>> o escaping attribute values is less common than escaping element
>> text
>
> Again, you must be kidding...
I don't think Brian Quinlan was seriously trying to claim that was true,
only that was the argument some people were making. Anybody who's done much
work generating HTML for Web pages will know that dynamically-generated
attribute values occur far more often than dynamically-generated cdata. Or
is that pcdata?
> ... href="/search.cgi?query=3&results=10"
You _do_ realize that the "&" should be escaped as "&", don't you?
More information about the Python-list
mailing list