A critique of cgi.escape

Fredrik Lundh fredrik at pythonware.com
Tue Sep 26 18:48:15 CEST 2006

Brian Quinlan wrote:

> I'd have to dig through the revision history to be sure, but I imagine 
> that cgi.escape was originally only used in the cgi module (and there 
> only in its various print_* functions). Then it started being used by 
> other core Python modules e.g. cgitb, DocXMLRPCServer.

nah, it's an official API for simple HTML/XML escaping, and it's 
perfectly usable for what it's supposed to be used for.

however, if you're doing serious web hacking, you *should* of course 
work at the XHTML information set level whenever you can, where you 
focus on the data you want to publish (using Unicode strings for 
anything that even remotely resembles human text), and the framework 
makes sure that it gets to the other side in one piece, using HTML4 or 
XHTML as necessary, and escaping and encoding things properly and 
efficiently on the way.  it's 2006.  transferring data from Python 
applications to web browsers is no rocket science.
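
What working at the information set level looks like next to string formatting, as an added example that is not part of the original post. It assumes the standard-library xml.etree.ElementTree as a stand-in for "the framework"; the sample values and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample input standing in for untrusted user data.
NAME = 'Tom & "Jerry" <admin>'
HOMEPAGE = 'http://example.invalid/?a=1&b="2"'


def render_naive(name, url):
    """String formatting: the caller must remember to escape every value."""
    return '<p><a href="%s">%s</a></p>' % (url, name)


def render_tree(name, url):
    """Build an element tree; the serializer escapes text and attributes."""
    p = ET.Element("p")
    a = ET.SubElement(p, "a", href=url)
    a.text = name
    return ET.tostring(p, encoding="unicode")


def roundtrip(markup):
    """Parse markup back and return (href, text), or None if it is malformed."""
    try:
        a = ET.fromstring(markup).find("a")
    except ET.ParseError:
        return None
    return a.get("href"), a.text


if __name__ == "__main__":
    for render in (render_naive, render_tree):
        out = render(NAME, HOMEPAGE)
        print(render.__name__, "->", out)
        print("  parses back to:", roundtrip(out))
```

The tree version hands the data to the serializer unchanged and gets the same data back after parsing; the formatted string is not even well-formed, because the quotes and ampersand in the values were never escaped.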

