A critique of cgi.escape
chris.cavalaria at free.fr
Tue Sep 26 13:39:51 CEST 2006
Sion Arrowsmith a écrit :
> Jon Ribbens <jon+usenet at unequivocal.co.uk> wrote:
>> In article <Xns98499CF9DCEE4duncanbooth at 127.0.0.1>, Duncan Booth wrote:
>>> I guess you've never seen anyone write tests which retrieve some generated
>>> html and compare it against the expected value. If the page contains any
>>> unescaped quotes then this change would break it.
>> You're right - I've never seen anyone do such a thing. It sounds like
>> a highly dubious and very fragile sort of test to me, of very limited
> So what sort of test would you use, that doesn't involve comparing
> actual output against expected output?
Well, one could say that the expected output is the one as it'll be
interpreted by the HTLM navigator. And thus, the test should un HTLM
escape the string and compare it to the original string instead of
mandating a specific encoding.
More information about the Python-list