A critique of cgi.escape

Fredrik Lundh fredrik at pythonware.com
Sat Sep 23 20:19:19 CEST 2006

Lawrence D'Oliveiro wrote:

> So I think the default for the second argument to cgi.escape should be
> changed to True. Or alternatively, the second argument should be removed
> altogether, and quotes should always be escaped.

you're confused: cgi.escape(s) is designed to be used for ordinary text, 
cgi.escape(s, True) is designed for attributes.  if you use the code the 
way it's intended to be used, it works perfectly fine.

> Can changing the default break existing scripts? I don't see how. It might
> even fix a few lurking bugs out there.

I'm not sure this "every time I don't immediately understand something, 
I'll write a change proposal instead of reading the library reference" 
approach is healthy, really.
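
Added example (not part of the original message): the text/attribute distinction described above, shown by parsing the markup each escaper produces when a value containing a double quote is placed in an attribute. Assumptions: cgi.escape no longer ships with current Python, so html.escape(s, quote=False) stands in for cgi.escape(s) and html.escape(s, quote=True) for cgi.escape(s, True) (the latter also escapes single quotes); the helper names and the sample value are constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Stand-ins (assumption): cgi.escape is gone from current Python releases.
def escape_text(s):
    """Equivalent of cgi.escape(s): escapes & < > only, for element text."""
    return escape(s, quote=False)

def escape_attr(s):
    """Counterpart of cgi.escape(s, True): also escapes quote characters."""
    return escape(s, quote=True)

class AttrCollector(HTMLParser):
    """Records the attributes of every start tag the parser sees."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def parsed_attrs(markup):
    """Parse markup and return [(tag, {attr: value}), ...]."""
    p = AttrCollector()
    p.feed(markup)
    p.close()
    return p.tags

# Constructed sample input: a value that contains a double quote.
VALUE = 'x" data-injected="1'

def render_input(escaper):
    """Place VALUE inside a double-quoted attribute using the given escaper."""
    return '<input name="q" value="%s">' % escaper(VALUE)

def demo():
    wrong = parsed_attrs(render_input(escape_text))  # text escaper misused
    right = parsed_attrs(render_input(escape_attr))  # attribute escaper
    return wrong, right

if __name__ == "__main__":
    wrong, right = demo()
    print("text escaper in attribute:", wrong)
    print("attr escaper in attribute:", right)
```

With the text escaper the parser sees a truncated value plus an extra attribute; with the attribute escaper the value round-trips intact.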

