A critique of cgi.escape

Jon Ribbens jon+usenet at unequivocal.co.uk
Tue Sep 26 11:53:46 EDT 2006

In article <mailman.704.1159285432.10491.python-list at python.org>, Brian Quinlan wrote:
>> Your summary seems pretty reasonable, but please note that later on,
>> the thread was not about cgi.escape escaping (or not) quote
>> characters (as described in your summary), but about Fredrik arguing,
>> somewhat incoherently, that it should have to take character encodings
>> into consideration.
> And, of course, about you telling people that their explanations are not 
> good enough :-)

I guess, if you mean the part of the thread which went "it'll break
existing code", "what existing code"? "existing code" "but what
existing code?" "i dunno, just, er, code" "ok *how* will it break it?"
"i dunno, it just will"?

> BTW, I am curious about how you do unit testing. The example that I used 
> in my summary is a very common pattern but would break in cgi.escape 
> changed it's semantics. What do you do instead?

To be honest I'm not sure what *sort* of code people test this way. It
just doesn't seem appropriate at all for web page generating code. Web
pages need to be manually viewed in web browsers, and validated, and
checked for accessibility. Checking they're equal to a particular
string just seems bizarre (and where does that string come from

More information about the Python-list mailing list