Commit 5ff2745f authored by Georg Brandl's avatar Georg Brandl

#9061: warn that single quotes are not escaped.

parent f613f352
...@@ -349,10 +349,13 @@ algorithms implemented in this module in other circumstances. ...@@ -349,10 +349,13 @@ algorithms implemented in this module in other circumstances.
Convert the characters ``'&'``, ``'<'`` and ``'>'`` in string *s* to HTML-safe Convert the characters ``'&'``, ``'<'`` and ``'>'`` in string *s* to HTML-safe
sequences. Use this if you need to display text that might contain such sequences. Use this if you need to display text that might contain such
characters in HTML. If the optional flag *quote* is true, the quotation mark characters in HTML. If the optional flag *quote* is true, the quotation mark
character (``'"'``) is also translated; this helps for inclusion in an HTML character (``"``) is also translated; this helps for inclusion in an HTML
attribute value, as in ``<A HREF="...">``. If the value to be quoted might attribute value delimited by double quotes, as in ``<a href="...">``. Note
include single- or double-quote characters, or both, consider using the that single quotes are never translated.
:func:`quoteattr` function in the :mod:`xml.sax.saxutils` module instead.
If the value to be quoted might include single- or double-quote characters,
or both, consider using the :func:`quoteattr` function in the
:mod:`xml.sax.saxutils` module instead.
.. _cgi-security: .. _cgi-security:
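Review bot: the new sentence "Note that single quotes are never translated" states the fact but not its consequence, which is the security-relevant part of this hunk. Since the text already restricts the advice to "an HTML attribute value delimited by double quotes, as in ``<a href="...">``", spell out that an escaped value placed in a single-quoted attribute is not protected at all, and that with *quote* left false the double-quote character is likewise passed through, so the result must not be used inside any attribute value. Suggested wording after the new note: "Because single quotes are never translated, the result is not safe inside a single-quoted attribute value; use the *quote* flag and double-quoted attributes, or :func:`quoteattr` as described below." Minor style point: the line changes ``'"'`` to ``"``, while the first line of the same paragraph still writes the characters as ``'&'``, ``'<'`` and ``'>'``; keep one form for all four.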