[Python-checkins] r83599 - python/branches/py3k/Doc/library/cgi.rst
georg.brandl
python-checkins at python.org
Mon Aug 2 23:51:18 CEST 2010
Author: georg.brandl
Date: Mon Aug 2 23:51:18 2010
New Revision: 83599
Log:
#9061: warn that single quotes are never escaped.
Modified:
python/branches/py3k/Doc/library/cgi.rst
Modified: python/branches/py3k/Doc/library/cgi.rst
==============================================================================
--- python/branches/py3k/Doc/library/cgi.rst (original)
+++ python/branches/py3k/Doc/library/cgi.rst Mon Aug 2 23:51:18 2010
@@ -324,10 +324,13 @@
Convert the characters ``'&'``, ``'<'`` and ``'>'`` in string *s* to HTML-safe
sequences. Use this if you need to display text that might contain such
characters in HTML. If the optional flag *quote* is true, the quotation mark
- character (``'"'``) is also translated; this helps for inclusion in an HTML
- attribute value, as in ``<A HREF="...">``. If the value to be quoted might
- include single- or double-quote characters, or both, consider using the
- :func:`quoteattr` function in the :mod:`xml.sax.saxutils` module instead.
+ character (``"``) is also translated; this helps for inclusion in an HTML
+ attribute value delimited by double quotes, as in ``<a href="...">``. Note
+ that single quotes are never translated.
+
+ If the value to be quoted might include single- or double-quote characters,
+ or both, consider using the :func:`quoteattr` function in the
+ :mod:`xml.sax.saxutils` module instead.
.. _cgi-security:
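Review bot: The new sentence "Note that single quotes are never translated" at the end of the first added paragraph states the behaviour but not its consequence: a value escaped with *quote* true is still not safe inside an attribute value delimited by single quotes, because a ``'`` in the input ends the attribute. Suggest spelling that out, for example "so the result must only be used in attribute values delimited by double quotes", and consider a ``.. warning::`` directive rather than an inline sentence, since the log message calls this a warning and an inline "Note that" is easy to miss. The following paragraph still says "single- or double-quote characters, or both"; now that double quotes are handled by *quote*, it could be narrowed to the single-quote case so the two paragraphs do not read as overlapping advice.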