A critique of cgi.escape

Lawrence D'Oliveiro ldo at geek-central.gen.new_zealand
Tue Sep 26 09:32:51 CEST 2006

In message <efakbd$867$1 at news.albasani.net>, Georg Brandl wrote:

> Lawrence D'Oliveiro wrote:
>> In message <mailman.559.1159188171.10491.python-list at python.org>, Fredrik
>> Lundh wrote:
>>> Lawrence D'Oliveiro wrote:
>>>>> Georg Brandl wrote:
>>>>>> A function is broken if its implementation doesn't match the
>>>>>> documentation.
>>>>> or if it doesn't match the designer's intent.  cgi.escape is old
>>>>> enough that we would have noticed that, by now...
>>>> _We_ certainly have noticed it.
>>> you're not the designer...
>> I don't have to be. Whoever the designer was, they had not properly
>> thought through the uses of this function. That's quite obvious already,
>> to anybody who works with HTML a lot. So the function is broken and needs
>> to be fixed.
>> If you're worried about changing the semantics of a function that keeps
>> the same "cgi.escape" name, then fine. We delete the existing function
>> and add a new, properly-designed one. _That_ will be a wake-up call to
>> all the users of the existing function to fix their code.
> What about the users who don't need to "fix" their code since it's working
> fine and flawlessly with the current cgi.escape?

They're just lucky. I guess, that the bugs haven't bitten them--yet.

More information about the Python-list mailing list