A critique of cgi.escape

Christophe chris.cavalaria at free.fr
Tue Sep 26 13:39:51 CEST 2006

Sion Arrowsmith a écrit :
> Jon Ribbens  <jon+usenet at unequivocal.co.uk> wrote:
>> In article <Xns98499CF9DCEE4duncanbooth at>, Duncan Booth wrote:
>>> I guess you've never seen anyone write tests which retrieve some generated 
>>> html and compare it against the expected value. If the page contains any 
>>> unescaped quotes then this change would break it.
>> You're right - I've never seen anyone do such a thing. It sounds like
>> a highly dubious and very fragile sort of test to me, of very limited
>> use.
> So what sort of test would you use, that doesn't involve comparing
> actual output against expected output?

Well, one could say that the expected output is the one as it'll be 
interpreted by the HTLM navigator. And thus, the test should un HTLM 
escape the string and compare it to the original string instead of 
mandating a specific encoding.

More information about the Python-list mailing list