A critique of cgi.escape

Jon Ribbens jon+usenet at unequivocal.co.uk
Mon Sep 25 17:13:30 CEST 2006


In article <4517eecf$0$14036$edfadb0f at dread15.news.tele.dk>, Max M wrote:
> Oh ... because you cannot see a use case for that *documented* 
> behaviour, it must certainly be wrong?

No, but if nobody else can find one either, that's a clue that maybe
it's safe to change.

Here's a point for you - the documentation for cgi.escape says that
the characters "&", "<" and ">" are converted, but not what they are
converted to. Even by your own argument, therefore, code is not
entitled to rely on the output of cgi.escape being any particular
exact string.

> This function which is correct by current documentation will be broken 
> by your change.
> 
> def hasSomeWord(someword):
>      import urllib
>      f = urllib.open('http://www.example.com/cgi_escaped_content')
>      content = f.read()
>      f.close()
>      return '"%s"' % someword in content:

That function is broken already, no change required.
I find it amazing that you cannot understand this.
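
Added example, not part of the original thread: the message argues that code may not rely on cgi.escape producing any particular exact string, and this sketch compares a raw substring test like the quoted hasSomeWord with one that decodes entity references before matching. Python 3's html.escape and html.unescape stand in for cgi.escape (an assumption), and the three escaper variants and the sample text are constructed for illustration.

```python
import html

def escape_minimal(text):
    # Stand-in (assumption) for the documented behaviour: only &, < and > converted.
    return html.escape(text, quote=False)

def escape_with_quotes(text):
    # Hypothetical changed escaper that also converts quote characters.
    return html.escape(text, quote=True)

def escape_numeric(text):
    # Hypothetical escaper that writes '"' as a numeric reference instead.
    return html.escape(text, quote=False).replace('"', '&#34;')

ESCAPERS = {
    "minimal": escape_minimal,
    "with_quotes": escape_with_quotes,
    "numeric": escape_numeric,
}

def has_word_raw(someword, content):
    # Same test as the quoted hasSomeWord: match against the escaped text as-is.
    return '"%s"' % someword in content

def has_word_decoded(someword, content):
    # Decode entity references first, then match on the text they represent.
    return '"%s"' % someword in html.unescape(content)

# Constructed sample input.
SAMPLE = 'He said "spam" & left <quickly>'

def compare(someword, text=SAMPLE):
    """Return {escaper name: (raw match, decoded match)} for each escaper."""
    results = {}
    for name, escape in ESCAPERS.items():
        escaped = escape(text)
        results[name] = (has_word_raw(someword, escaped),
                         has_word_decoded(someword, escaped))
    return results

if __name__ == "__main__":
    for name, outcome in compare("spam").items():
        print(name, outcome)
    # A word containing "&" defeats the raw test even with the minimal escaper.
    print(compare("R&D", 'the "R&D" team')["minimal"])
```

The decoded test gives the same answer for every escaper, while the raw test depends on which representation the producer happened to choose.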


