A critique of cgi.escape

Lawrence D'Oliveiro ldo at geek-central.gen.new_zealand
Wed Sep 27 02:35:23 CEST 2006


In message <Xns984ABA8B57753castleamber at 130.133.1.4>, John Bokma wrote:

> Brian Quinlan <brian at sweetapp.com> wrote:
> 
>> o escaping attribute values is less common than escaping element
>>    text
> 
> Again, you must be kidding...

I don't think Brian Quinlan was seriously trying to claim that was true,
only that that was the argument some people were making. Anybody who's done much
work generating HTML for Web pages will know that dynamically-generated
attribute values occur far more often than dynamically-generated cdata. Or
is that pcdata?

> ... href="/search.cgi?query=3&results=10" 

You _do_ realize that the "&" should be escaped as "&amp;", don't you?
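The attribute-escaping point made in this message, as an added example that is not part of the original post: it uses `html.escape` from the current standard library in place of `cgi.escape`, and parses the generated markup back to check what value the attribute actually carries. The helper names and the sample title value are constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlencode


class FirstTagAttrs(HTMLParser):
    """Collect the attributes of the first start tag as an HTML parser sees them."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if self.attrs is None:
            self.attrs = dict(attrs)


def parsed_attrs(markup):
    """Parse markup and return the first tag's attributes (entities decoded)."""
    parser = FirstTagAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs or {}


def link(path, params):
    """Percent-encode the query for the URL, then HTML-escape the URL for the attribute."""
    url = path + "?" + urlencode(params)
    return '<a href="' + escape(url, quote=True) + '">results</a>'


def span_with_title(value, quote):
    """Put a value in a double-quoted title attribute; quote=False escapes only &, <, >."""
    return '<span title="' + escape(value, quote=quote) + '">x</span>'


# Constructed sample inputs; only the query string comes from the thread.
PARAMS = [("query", "3"), ("results", "10")]
VALUE = 'say "hi" & <wave>'

if __name__ == "__main__":
    print(link("/search.cgi", PARAMS))
    for quote in (False, True):
        markup = span_with_title(VALUE, quote)
        # True only when the parsed attribute equals the value that was put in.
        print(quote, markup, parsed_attrs(markup).get("title") == VALUE)
```

With `quote=False` the literal `"` in the value ends the attribute early, so the parsed `title` no longer matches the input; with `quote=True` the value round-trips intact.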


