Python and cgi and <a> problem!

Mon Sep 23 23:19:50 EDT 2002

In article <Xns929330F5A61B0cliechtigmxnet at 62.2.16.82>, Chris Liechti wrote:
>>> print '<A href="%s">%s</A>' % (filename, filename)
>> 
>> I hope none of your filenames have '"', ">" or "&" in.
> 
> yeah i avoid characters that are special to the shell in my filenames - i 
> even don't use " " very often. <wink>
> 
> sure there are improvements, but its a start.

I'm not sure recommending completely broken and insecure code is ever
a good thing. No offence intended.