A critique of cgi.escape

Georg Brandl g.brandl-nospam at gmx.net
Mon Sep 25 10:24:26 EDT 2006

Jon Ribbens wrote:
> In article <mailman.569.1159192888.10491.python-list at python.org>, Fredrik Lundh wrote:
>>> There's nothing to say that cgi.escape should take them both into account
>>> in the one function
>> so what exactly are you using cgi.escape for in your code ?
> To escape characters so that they will be treated as character data
> and not control characters in HTML.
>>> What precisely do you think it would "break"?
>> existing code, and existing tests.
> I'm sorry, that's not good enough. How, precisely, would it break
> "existing code"? Can you come up with an example, or even an
> explanation of how it *could* break existing code?

Is that so hard to see? If cgi.escape replaced "'" with an entity reference,
code that expects it not to do so would break.


More information about the Python-list mailing list