A critique of cgi.escape
jon+usenet at unequivocal.co.uk
Mon Sep 25 02:50:23 CEST 2006
In article <mailman.518.1159087749.10491.python-list at python.org>, Fredrik Lundh wrote:
>> Making cgi.escape always escape the '"' character would not break
>> anything, and would probably fix a few bugs in existing code. Yes,
>> those bugs are not cgi.escape's fault, but that's no reason not to
>> be helpful. It's a minor improvement with no downside.
> the "improvement with no downside" would bloat down the output for
> everyone who's using the function in the intended way,
By a miniscule degree. That is a very weak argument by any standard.
> and will also break unit tests.
Er, so change the unit tests at the same time?
> > One thing that is flat-out wrong, by the way, is that cgi.escape()
> > does not encode the apostrophe (') character.
> it's intentional, of course:
I noticed. That doesn't mean it isn't wrong.
> you're supposed to use " if you're using cgi.escape(s, True) to
> escape attributes. again, punishing people who actually read the
> docs and understand them is not a very good way to maintain
In what way is anyone being "punished"? Deliberately retaining flaws
and misfeatures that can easily be fixed without damaging
backwards-compatibility is not a very good way to maintain software
> btw, you're both missing that cgi.escape isn't good enough for general
> use anyway,
I'm sorry, I didn't realise this was a general thread about any and
all inadequacies of Python's cgi module.
> since it doesn't deal with encodings at all.
Why does it need to? cgi.escape is (or should be) dealing with
character strings, not byte sequences. I must admit,
internationalisation is not my forte, so if there's something
I'm missing here I'd love to hear about it.
By the way, if you could try and put across your proposed arguments as
to why you don't favour this suggested change without the insults and
general rudeness, it would be appreciated.
More information about the Python-list