A critique of cgi.escape

Georg Brandl g.brandl-nospam at gmx.net
Tue Sep 26 11:55:18 CEST 2006

Lawrence D'Oliveiro wrote:
> In message <efaknl$867$2 at news.albasani.net>, Georg Brandl wrote:
>> Lawrence D'Oliveiro wrote:
>>> In message <4517e10e$0$13929$edfadb0f at dread15.news.tele.dk>, Max M wrote:
>>>> Lawrence is right that the escape method doesn't work the way he expects
>>>> it to.
>>>> Rewriting a library module simply because a developer is surprised is a
>>>> *very* bad idea.
>>> I'm not surprised. Disappointed, yes. Verging on disgust at some comments
>>> in this thread, yes. But "surprised" is what a lot of users of the
>>> existing cgi.escape function are going to be when they discover their
>>> code isn't doing what they thought it was.
>> Why should they be surprised? The documentation states clearly what
>> cgi.escape() does (as does the docstring).
> Documentation frequently states stupid things. Doesn't mean it should be
> treated as sacrosanct.

That's not the point. The point is that someone using cgi.escape() will hardly
be surprised of what it does and doesn't do.


More information about the Python-list mailing list