Re: A critique of cgi.escape

From: Fredrik Lundh <fredrik@xxxxxxxxxxxxxx>
Date: Sat, 23 Sep 2006 20:19:19 +0200

Lawrence D'Oliveiro wrote:

So I think the default for the second argument to cgi.escape should be
changed to True. Or alternatively, the second argument should be removed
altogether, and quotes should always be escaped.

you're confused: cgi.escape(s) is designed to be used for ordinary text, cgi.escape(s, True) is designed for attributes. if you use the code the way it's intended to be used, it works perfectly fine.

Can changing the default break existing scripts? I don't see how. It might
even fix a few lurking bugs out there.

I'm not sure this "every time I don't immediately understand something, I'll write a change proposal instead of reading the library reference" approach is healthy, really.

</F>

.

Follow-Ups:
- Re: A critique of cgi.escape
  - From: Jon Ribbens
- Re: A critique of cgi.escape
  - From: Lawrence D'Oliveiro

References:
- A critique of cgi.escape
  - From: Lawrence D'Oliveiro

Prev by Date: Re: Help
Next by Date: Re: Running Python script from C++ code(.NET)
Previous by thread: A critique of cgi.escape
Next by thread: Re: A critique of cgi.escape
Index(es):
- Date
- Thread

Relevant Pages

Re: "Sgt. Pepper"...the bomb of all bombs?
... >>Well, that's another issue altogether, but the question was ... >>decor. ... > And he couldn't even get the continuity right for 'Tommy.' ... > should tell you what I think of Lawrence, ...
(rec.music.beatles)
Re: A critique of cgi.escape
... In message, Fredrik ... Lundh wrote: ... altogether, and quotes should always be escaped. ...
(comp.lang.python)
Re: Australia , good decision
... I hadn't seen these quotes from the ... politicians in any of the mainstream papers, and have no idea who Lawrence ...
(soc.culture.malaysia)
Re: QuoteSQL
... Lawrence D'Oliveiro enlightened us with: ... Including all sorts of quotes, newlines, backslashes etc. in the name. ...
(comp.lang.python)