A critique of cgi.escape
fredrik at pythonware.com
Sat Sep 23 20:19:19 CEST 2006
Lawrence D'Oliveiro wrote:
> So I think the default for the second argument to cgi.escape should be
> changed to True. Or alternatively, the second argument should be removed
> altogether, and quotes should always be escaped.
you're confused: cgi.escape(s) is designed to be used for ordinary text,
cgi.escape(s, True) is designed for attributes. if you use the code the
way it's intended to be used, it works perfectly fine.
> Can changing the default break existing scripts? I don't see how. It might
> even fix a few lurking bugs out there.
I'm not sure this "every time I don't immediately understand something,
I'll write a change proposal instead of reading the library reference"
approach is healthy, really.
More information about the Python-list