A critique of cgi.escape
Fredrik Lundh
fredrik at pythonware.com
Sun Sep 24 04:48:54 EDT 2006

Jon Ribbens wrote:

> Making cgi.escape always escape the '"' character would not break
> anything, and would probably fix a few bugs in existing code. Yes,
> those bugs are not cgi.escape's fault, but that's no reason not to
> be helpful. It's a minor improvement with no downside.

the "improvement with no downside" would bloat down the output for
everyone who's using the function in the intended way, and will also
break unit tests.

> One thing that is flat-out wrong, by the way, is that cgi.escape()
> does not encode the apostrophe (') character.

it's intentional, of course: you're supposed to use " if you're using
cgi.escape(s, True) to escape attributes. again, punishing people who
actually read the docs and understand them is not a very good way to
maintain software.

btw, you're both missing that cgi.escape isn't good enough for general
use anyway, since it doesn't deal with encodings at all. if you want a
general purpose function that can be used for everything that can be put
in an HTML file, you need more than just a modified cgi.escape. feel
free to propose a general-purpose replacement (which should have a new
name), but make sure you think through *all* the issues before you do that.

</F>
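
An added example, not part of the original message and not code from the cgi module: it shows what the thread is arguing about, by escaping a value for an attribute and then parsing the resulting markup to see how many attributes come out. `cgi_escape` is a stand-in written from the behaviour described above; `AttrCollector`, `parsed_attrs`, `render`, `demo` and the sample values are hypothetical names and constructed data, and `html.escape` is the Python 3 standard-library function.

```python
from html import escape as html_escape   # stdlib; escapes both " and ' by default
from html.parser import HTMLParser

def cgi_escape(s, quote=False):
    """Stand-in for the behaviour discussed in the thread (an assumption, not the
    module's source): & < > always, '"' only if quote is true, "'" never."""
    s = s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
    return s.replace('"', "&quot;") if quote else s

class AttrCollector(HTMLParser):
    """Records the attributes a parser sees on the first <a> start tag."""
    def __init__(self):
        super().__init__()
        self.attrs = None
    def handle_starttag(self, tag, attrs):
        if tag == "a" and self.attrs is None:
            self.attrs = dict(attrs)

def parsed_attrs(markup):
    collector = AttrCollector()
    collector.feed(markup)
    collector.close()
    return collector.attrs

def render(value, quote_char, escaper):
    """Place an escaped value inside an attribute delimited by quote_char."""
    return "<a title=%s%s%s>link</a>" % (quote_char, escaper(value), quote_char)

# Constructed, inert inputs: each contains the delimiter of the attribute it goes in.
VALUE_DQ = 'x" data-extra="1'
VALUE_SQ = "x' data-extra='1"

def demo():
    attr_escape = lambda v: cgi_escape(v, True)
    return {
        # documented usage: double-quoted attribute, value stays one attribute
        "double_quoted": parsed_attrs(render(VALUE_DQ, '"', attr_escape)),
        # single-quoted attribute: the apostrophe ends the value early
        "single_quoted": parsed_attrs(render(VALUE_SQ, "'", attr_escape)),
        # html.escape also encodes the apostrophe, so either delimiter holds
        "single_quoted_html_escape": parsed_attrs(render(VALUE_SQ, "'", html_escape)),
    }

if __name__ == "__main__":
    for name, attrs in demo().items():
        print(name, attrs)
```

When auditing templates that rely on this style of escaping, the thing to check is the delimiter around each attribute value, since the escaping is only sufficient for double-quoted attributes.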