Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity

#9061: warn that single quotes are not escaped.

This commit is contained in:
Georg Brandl 2010-08-02 18:30:48 +00:00
parent f613f352d0
commit 5ff2745fed
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Doc/library/cgi.rst
View File

@ -349,10 +349,13 @@ algorithms implemented in this module in other circumstances.
Convert the characters ``'&'``, ``'<'`` and ``'>'`` in string *s* to HTML-safe
sequences. Use this if you need to display text that might contain such
characters in HTML. If the optional flag *quote* is true, the quotation mark
character (``'"'``) is also translated; this helps for inclusion in an HTML
attribute value, as in ``<A HREF="...">``. If the value to be quoted might
include single- or double-quote characters, or both, consider using the
:func:`quoteattr` function in the :mod:`xml.sax.saxutils` module instead.
character (``"``) is also translated; this helps for inclusion in an HTML
attribute value delimited by double quotes, as in ``<a href="...">``. Note
that single quotes are never translated.
If the value to be quoted might include single- or double-quote characters,
or both, consider using the :func:`quoteattr` function in the
:mod:`xml.sax.saxutils` module instead.
.. _cgi-security: