[docs] [issue26398] cgi.escape() Can Lead To XSS and HTML Vulnerabilities

Gregory P. Smith report at bugs.python.org
Tue Feb 23 12:41:45 EST 2016

Gregory P. Smith added the comment:

As pointed out, this is working as intended and is documented as such.  That it isn't what you want is why Python 3 has html.escape() instead.

resolution:  -> duplicate
status: open -> closed
superseder:  -> cgi.escape Can Lead To XSS Vulnerabilities
versions: +Python 2.7, Python 3.4, Python 3.5

Python tracker <report at bugs.python.org>

More information about the docs mailing list