#9061: warn that single quotes are not escaped.

This commit is contained in:
Georg Brandl 2010-08-02 18:30:48 +00:00
parent f613f352d0
commit 5ff2745fed


@ -349,10 +349,13 @@ algorithms implemented in this module in other circumstances.
Convert the characters ``'&'``, ``'<'`` and ``'>'`` in string *s* to HTML-safe Convert the characters ``'&'``, ``'<'`` and ``'>'`` in string *s* to HTML-safe
sequences. Use this if you need to display text that might contain such sequences. Use this if you need to display text that might contain such
characters in HTML. If the optional flag *quote* is true, the quotation mark characters in HTML. If the optional flag *quote* is true, the quotation mark
character (``'"'``) is also translated; this helps for inclusion in an HTML character (``"``) is also translated; this helps for inclusion in an HTML
attribute value, as in ``<A HREF="...">``. If the value to be quoted might attribute value delimited by double quotes, as in ``<a href="...">``. Note
include single- or double-quote characters, or both, consider using the that single quotes are never translated.
:func:`quoteattr` function in the :mod:`xml.sax.saxutils` module instead.
If the value to be quoted might include single- or double-quote characters,
or both, consider using the :func:`quoteattr` function in the
:mod:`xml.sax.saxutils` module instead.
.. _cgi-security: .. _cgi-security:
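Review bot: the added sentence "Note that single quotes are never translated" states the limitation but not its consequence for the reader; since the same hunk now says the *quote* flag helps for attribute values delimited by double quotes, make the warning explicit, e.g. "Note that single quotes are never translated, so the result is not safe to place in a single-quoted attribute value." That also ties in the following sentence, which already points such readers to :func:`quoteattr`. Minor style point: the hunk changes ``'"'`` to ``"`` while the other characters in the same sentence keep the ``'&'``, ``'<'``, ``'>'`` form; pick one convention for all four.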