Re: A critique of cgi.escape



Jon Ribbens wrote:
> In article <ef8oqr$9pt$1@xxxxxxxxxxxxxxxxx>, Georg Brandl wrote:
>>> I'm sorry, that's not good enough. How, precisely, would it break
>>> "existing code"? Can you come up with an example, or even an
>>> explanation of how it *could* break existing code?
>> Is that so hard to see? If cgi.escape replaced "'" with an entity reference,
>> code that expects it not to do so would break.
>
> Sorry, that's still not good enough. Why would any code expect such a
> thing?

Plenty of test suites for a start. A non-backwards compatible change such as
being suggested can create a huge maintenance burden on lots of people.
People also use that function to escape non-HTML too - if they are using it
as documented, and it produces the correct results for them, great. Note
that the documentation doesn't say that input has to be HTML, nor that
output must be used as HTML. It just describes the transformation that it
does clearly and unambiguously and can quite happily be used for generating
quoted text for use in, say, XML documents. Also, because Python has a
conservative policy on backwards incompatible changes, you are protected
from some wanker going and changing the HTML safe mappings arbitrarily, say
using numerical entity references instead of &gt;, &lt; and &amp;. This
policy allows large software projects to be developed in Python and
maintained with less pain than if they were written in languages with a less
conservative policy.

If you want to improve the situation, join the WEB-SIG to help design new
and improved APIs so that the existing ones like the ancient cgi module can
be deprecated. Or maybe just some helpers can be added to the existing
htmllib module? There are better approaches than making non-backwards
compatible changes to functions people have been relying on since Python 1.5.


--
Stuart Bishop <stuart@xxxxxxxxxxxxxxxx>
http://www.stuartbishop.net/
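
Added example, not part of the original message or of Python's own source: it shows both sides of the thread, what an unescaped "'" does inside a single-quoted attribute and how a test pinned to the documented output breaks once the mapping changes. `legacy_escape` is a reimplementation of the mapping cgi.escape documented (an assumption standing in for the old function), compared with the standard library's `html.escape`; the helper names and the sample input are constructed for illustration.

```python
import html
from html.parser import HTMLParser


def legacy_escape(s, quote=False):
    """Mapping the old cgi.escape documented: & < > and, if quote, " only."""
    s = s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
    return s.replace('"', "&quot;") if quote else s


class _FirstTag(HTMLParser):
    """Records the attributes of the first start tag it sees."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if self.attrs is None:
            self.attrs = dict(attrs)


def roundtrip(escape, value):
    """Put the escaped value in a single-quoted attribute, then parse it back."""
    parser = _FirstTag()
    parser.feed("<input name='q' value='%s'>" % escape(value))
    parser.close()
    return parser.attrs


def pinned_test_passes(escape):
    """A downstream test pinned to the documented output for an apostrophe."""
    return escape("it's <b>") == "it's &lt;b&gt;"


SAMPLE = "Bob's query"  # constructed input

if __name__ == "__main__":
    for name, fn in [("legacy", lambda s: legacy_escape(s, True)),
                     ("html.escape", html.escape)]:
        attrs = roundtrip(fn, SAMPLE)
        print(name, "value =", repr(attrs["value"]),
              "extra attrs =", sorted(set(attrs) - {"name", "value"}),
              "pinned test passes =", pinned_test_passes(fn))
```

With the legacy mapping the attribute value is cut off at the apostrophe and the remainder is parsed as extra attribute names; with `html.escape` the value round-trips intact, but the pinned test no longer passes.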
