author Georg Brandl <georg@python.org> 2010-08-02 21:51:18 (GMT)
committer Georg Brandl <georg@python.org> 2010-08-02 21:51:18 (GMT)
commit 18009342850e71775e7ebac7b6a743fbe3265c78
tree 62c5a5a2da2d426457419f61193d286fd4f18638
parent 75f2f8206cbe7a991554e22c44161e9b3b789692
#9061: warn that single quotes are never escaped.
-rw-r--r-- Doc/library/cgi.rst 11
1 files changed, 7 insertions, 4 deletions
diff --git a/Doc/library/cgi.rst b/Doc/library/cgi.rst
index 17482d7..cfc6953 100644
--- a/Doc/library/cgi.rst
+++ b/Doc/library/cgi.rst
@@ -324,10 +324,13 @@ algorithms implemented in this module in other circumstances.
Convert the characters ``'&'``, ``'<'`` and ``'>'`` in string *s* to HTML-safe
sequences. Use this if you need to display text that might contain such
characters in HTML. If the optional flag *quote* is true, the quotation mark
- character (``'"'``) is also translated; this helps for inclusion in an HTML
- attribute value, as in ``<A HREF="...">``. If the value to be quoted might
- include single- or double-quote characters, or both, consider using the
- :func:`quoteattr` function in the :mod:`xml.sax.saxutils` module instead.
+ character (``"``) is also translated; this helps for inclusion in an HTML
+ attribute value delimited by double quotes, as in ``<a href="...">``. Note
+ that single quotes are never translated.
+
+ If the value to be quoted might include single- or double-quote characters,
+ or both, consider using the :func:`quoteattr` function in the
+ :mod:`xml.sax.saxutils` module instead.
.. _cgi-security:
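Review bot: The added sentence "Note that single quotes are never translated" states the limitation without its consequence, so a reader has to infer that the result, even with *quote* true, must not be placed in an attribute value delimited by single quotes. Suggest saying so directly, for example "so the result is only suitable for attribute values delimited by double quotes". Since this caveat is security-relevant and sits immediately above the ``cgi-security`` label, consider setting it off in a note or warning directive instead of leaving it as the closing sentence of the paragraph. The follow-on paragraph recommending :func:`quoteattr` could also say in one clause why it is the safer choice when both quote characters may occur.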