[docs] [issue26398] cgi.escape() Can Lead To XSS and HTML Vulnerabilities

Gregory P. Smith report at bugs.python.org
Tue Feb 23 12:41:45 EST 2016


Gregory P. Smith added the comment:

As pointed out, this is working as intended and is documented as such.  That it isn't what you want is why Python 3 has html.escape() instead.

----------
resolution:  -> duplicate
status: open -> closed
superseder:  -> cgi.escape Can Lead To XSS Vulnerabilities
versions: +Python 2.7, Python 3.4, Python 3.5

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue26398>
_______________________________________


More information about the docs mailing list