[docs] [issue26398] cgi.escape() Can Lead To XSS and HTML Vulnerabilities

Martin Panter report at bugs.python.org
Sun Feb 21 05:09:30 EST 2016


Martin Panter added the comment:

The Python 3 documentation <https://docs.python.org/3/library/cgi.html#cgi.escape> says this is deprecated in favour of html.escape(), which by default has quote=True. AFAIK there is no equivalent in Python 2. See Issue 2830 for the addition of html.escape(), and also Issue 9061 about cgi.escape() introducing vulnerabilities.

----------
nosy: +martin.panter
title: cgi.escape() Can Lead To XSS and HTMLi Vulnerabilities -> cgi.escape() Can Lead To XSS and HTML Vulnerabilities

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue26398>
_______________________________________
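The difference the comment above points to, as an added example that is not part of the original message or of the CPython sources: with quotes left unescaped (the cgi.escape() default), untrusted text placed in a quoted attribute can close the attribute and add its own, while html.escape() with its default quote=True keeps it inside the value. Assumptions: cgi.escape() was removed in Python 3.8, so `escape_like_cgi` (a hypothetical name) stands in for its default behaviour via `html.escape(s, quote=False)`; the template, helper names and sample input are constructed for illustration.

```python
import html
from html.parser import HTMLParser


def escape_like_cgi(s):
    """Stand-in for the old cgi.escape() default: escapes & < > but not quotes."""
    return html.escape(s, quote=False)


class FirstTagAttrs(HTMLParser):
    """Records the attributes of the first start tag, as an HTML parser sees them."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if self.attrs is None:
            self.attrs = dict(attrs)


def render_input(value, escaper, quote_char='"'):
    """Hypothetical template: untrusted value placed inside a quoted attribute."""
    return "<input type=text value={q}{v}{q}>".format(q=quote_char, v=escaper(value))


def attrs_after_render(value, escaper, quote_char='"'):
    parser = FirstTagAttrs()
    parser.feed(render_input(value, escaper, quote_char))
    parser.close()
    return parser.attrs


# Constructed, inert sample inputs: each tries to close the attribute and add another.
UNTRUSTED_DQ = 'x" data-injected="1'
UNTRUSTED_SQ = "x' data-injected='1"

if __name__ == "__main__":
    for label, escaper in (("quote=False", escape_like_cgi), ("html.escape", html.escape)):
        print(label, attrs_after_render(UNTRUSTED_DQ, escaper))
        print(label, attrs_after_render(UNTRUSTED_SQ, escaper, "'"))
```

The same parser-based check can be used as a regression test around any template helper that still relies on an escaper with quote handling turned off.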

