A critique of cgi.escape

Georg Brandl g.brandl-nospam at gmx.net
Tue Sep 26 11:55:18 CEST 2006


Lawrence D'Oliveiro wrote:
> In message <efaknl$867$2 at news.albasani.net>, Georg Brandl wrote:
> 
>> Lawrence D'Oliveiro wrote:
>>> In message <4517e10e$0$13929$edfadb0f at dread15.news.tele.dk>, Max M wrote:
>>> 
>>>> Lawrence is right that the escape method doesn't work the way he expects
>>>> it to.
>>>> 
>>>> Rewriting a library module simply because a developer is surprised is a
>>>> *very* bad idea.
>>> 
>>> I'm not surprised. Disappointed, yes. Verging on disgust at some comments
>>> in this thread, yes. But "surprised" is what a lot of users of the
>>> existing cgi.escape function are going to be when they discover their
>>> code isn't doing what they thought it was.
>> 
>> Why should they be surprised? The documentation states clearly what
>> cgi.escape() does (as does the docstring).
> 
> Documentation frequently states stupid things. Doesn't mean it should be
> treated as sacrosanct.

That's not the point. The point is that someone using cgi.escape() will hardly
be surprised of what it does and doesn't do.

Georg



More information about the Python-list mailing list