Re: A critique of cgi.escape
- From: Fredrik Lundh <fredrik@xxxxxxxxxxxxxx>
- Date: Sun, 24 Sep 2006 10:48:54 +0200
Jon Ribbens wrote:
Making cgi.escape always escape the '"' character would not break
anything, and would probably fix a few bugs in existing code. Yes,
those bugs are not cgi.escape's fault, but that's no reason not to
be helpful. It's a minor improvement with no downside.
the "improvement with no downside" would bloat down the output for everyone who's using the function in the intended way, and will also break unit tests.
> One thing that is flat-out wrong, by the way, is that cgi.escape()
> does not encode the apostrophe (') character.
it's intentional, of course: you're supposed to use " if you're using cgi.escape(s, True) to escape attributes. again, punishing people who actually read the docs and understand them is not a very good way to maintain software.
btw, you're both missing that cgi.escape isn't good enough for general use anyway, since it doesn't deal with encodings at all. if you want a general purpose function that can be used for everything that can be put in an HTML file, you need more than just a modified cgi.escape. feel free to propose a general-purpose replacement (which should have a new name), but make sure you think through *all* the issues before you do that.
</F>
.
- Follow-Ups:
- Re: A critique of cgi.escape
- From: Dan Bishop
- Re: A critique of cgi.escape
- From: Jon Ribbens
- Re: A critique of cgi.escape
- From: Lawrence D'Oliveiro
- Re: A critique of cgi.escape
- References:
- A critique of cgi.escape
- From: Lawrence D'Oliveiro
- Re: A critique of cgi.escape
- From: Fredrik Lundh
- Re: A critique of cgi.escape
- From: Jon Ribbens
- A critique of cgi.escape
- Prev by Date: Re: Timeline for Python?
- Next by Date: Re: newbe's re question
- Previous by thread: Re: A critique of cgi.escape
- Next by thread: Re: A critique of cgi.escape
- Index(es):
Relevant Pages
|
