A critique of cgi.escape
Brian Quinlan
brian at sweetapp.com
Wed Sep 27 04:28:53 EDT 2006
John Bokma wrote:
>> Why cgi.escape should NOT be changed:
>> o it is currently used in lots of code and changing it will almost
>> certainly break some of it, test suites at minimum e.g.
>> assert my_template_system("<p>{foo}</p>", foo='"') == '<p>"</p>'
>
> You must be kidding.
Nope. How do you write your templating system unit tests?
>> o escaping attribute values is less common than escaping element
>> text
>
> Again, you must be kidding: href="/search.cgi?query=3&results=10"
>
Actually, I wasn't kidding. I was basing this belief on grepping through
the Python standard library where only the quote=None form is ever used.
It also matches my experience. But I don't have a large enough sample to
make any claim either way.
Cheers,
Brian
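
The two contexts argued over in this thread, as an added example that is not part of the original message or of the Python standard library. It assumes html.escape from current Python as a stand-in for cgi.escape: quote=False matches the cgi.escape default discussed here, and quote=True also escapes quote characters. The template functions and sample values are constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser


class AttrCollector(HTMLParser):
    """Records the attributes of every start tag, as a browser-like parser sees them."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def render_text(value, quote):
    # Hypothetical template: value lands in element text, as in the thread's <p>{foo}</p>.
    return "<p>%s</p>" % escape(value, quote=quote)


def render_attr(value, quote):
    # Hypothetical template: value lands inside a double-quoted attribute.
    return '<a title="%s">x</a>' % escape(value, quote=quote)


def parsed_attrs(markup):
    """Return the attribute dict of the first start tag in markup."""
    parser = AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.tags[0][1]


# Constructed sample value containing a double quote.
SAMPLE = 'a" data-extra="b'

if __name__ == "__main__":
    # Element text: a bare quote is harmless, so both modes render safely,
    # but the output differs, which is what breaks existing test suites.
    print(render_text('"', quote=False))   # <p>"</p>
    print(render_text('"', quote=True))    # <p>&quot;</p>

    # Attribute value: without quote escaping the value ends the attribute
    # early and the rest is parsed as a second attribute.
    print(parsed_attrs(render_attr(SAMPLE, quote=False)))
    print(parsed_attrs(render_attr(SAMPLE, quote=True)))

    # The href from the thread: '&' is escaped in both modes.
    print(escape("/search.cgi?query=3&results=10", quote=False))
```
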