A critique of cgi.escape

Jon Ribbens jon+usenet at unequivocal.co.uk
Mon Sep 25 09:54:16 EDT 2006


In article <mailman.561.1159188363.10491.python-list at python.org>, Fredrik Lundh wrote:
> (still waiting for the "jon's enhanced escape" proposal, btw, but I guess it's
> easier to piss on others than to actually contribute something useful).

Well, yes, you certainly seem to be good at the "pissing on others"
part, even if you have to lie to do it. You have had the "enhanced
escape" proposal all along - it was the post which started this
thread! If you are referring to your strawman argument about
encodings, you have yet to show that it's relevant.

If it'll make you any happier, here's the code for the 'cgi.escape'
equivalent that I usually use:

  _html_encre = re.compile("[&<>\"'+]")
  _html_encodes = { "&": "&", "<": "<", ">": ">", "\"": """,
		    "'": "'", "+": "+" }

  def html_encode(raw):
    return re.sub(_html_encre, lambda m: _html_encodes[m.group(0)], raw)



More information about the Python-list mailing list