Re: A critique of cgi.escape
- From: Lawrence D'Oliveiro <ldo@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 24 Sep 2006 16:49:22 +1200
In message <slrnehbra1.kpr.jon+usenet@xxxxxxxxxxxxxxxx>, Jon Ribbens wrote:

> In article <mailman.499.1159035571.10491.python-list@xxxxxxxxxx>, Fredrik
> Lundh wrote:
>
>> Lawrence D'Oliveiro wrote:
>>
>>> So I think the default for the second argument to cgi.escape should be
>>> changed to True. Or alternatively, the second argument should be removed
>>> altogether, and quotes should always be escaped.
>>
>> you're confused: cgi.escape(s) is designed to be used for ordinary text,
>> cgi.escape(s, True) is designed for attributes. if you use the code the
>> way it's intended to be used, it works perfectly fine.
>
> He's not confused, he's correct; the author of cgi.escape is the
> confused one.

Thanks for backing me up. :)

> One thing that is flat-out wrong, by the way, is that cgi.escape() does
> not encode the apostrophe (') character. This is essentially
> identical to the quote character in HTML, so any code which is escaping
> one should always be escaping the other.

I must confess I did a double-take on this. But I rechecked the HTML spec
(HTML 4.0, section 3.2.2, "Attributes"), and you're right--single quotes
ARE allowed as an alternative to double quotes. It's just I've never used
them as quotes. :)
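
The behaviour argued over in this thread, as an added example that is not part of the original post or of any poster's code: `legacy_escape` is a re-creation (an assumption based on the description above) of an escaper that handles `"` only on request and never `'`, compared with the standard library's `html.escape`, which escapes both. The templates and sample values are constructed; each result is checked by parsing the output and seeing whether the value stayed inside its attribute.

```python
from html import escape as html_escape
from html.parser import HTMLParser

def legacy_escape(s, quote=False):
    # Assumed re-creation of the behaviour described in the thread:
    # &, <, > always; " only when quote is true; ' never.
    s = s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
    if quote:
        s = s.replace('"', "&quot;")
    return s

def legacy_attr_escape(s):
    return legacy_escape(s, True)

def modern_escape(s):
    # html.escape escapes &, <, >, " and ' by default.
    return html_escape(s)

class AttrCollector(HTMLParser):
    """Records the attribute dict of every start tag seen."""
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append(dict(attrs))

# Constructed samples: the same attribute written with each quote style,
# and a value containing the matching quote character.
DOUBLE = '<input value="{}">'
SINGLE = "<input value='{}'>"
VALUE_DQ = 'a" data-extra="1'
VALUE_SQ = "a' data-extra='1"

def survives(template, value, escaper):
    """True if the parsed tag has exactly one attribute holding the value."""
    parser = AttrCollector()
    parser.feed(template.format(escaper(value)))
    parser.close()
    return parser.tags == [{"value": value}]

if __name__ == "__main__":
    for name, esc in [("legacy_escape(s)", legacy_escape),
                      ("legacy_escape(s, True)", legacy_attr_escape),
                      ("html.escape(s)", modern_escape)]:
        print(f"{name:24} double-quoted: {survives(DOUBLE, VALUE_DQ, esc)!s:5} "
              f"single-quoted: {survives(SINGLE, VALUE_SQ, esc)}")
```
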