| author | Georg Brandl <georg@python.org> | 2010-08-02 18:30:48 (GMT) |
|---|---|---|
| committer | Georg Brandl <georg@python.org> | 2010-08-02 18:30:48 (GMT) |
| commit | 5ff2745fed91dca3dca20360945562df70ed7767 (patch) | |
| tree | a6bf314dc357816b9bf594424975f2ab98a63ee6 | |
| parent | f613f352d05cafbec6c4524c67f3eed00a0c4857 (diff) | |
#9061: warn that single quotes are not escaped.
| -rw-r--r-- | Doc/library/cgi.rst | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/Doc/library/cgi.rst b/Doc/library/cgi.rst index efee711..f0c0a07 100644 --- a/Doc/library/cgi.rst +++ b/Doc/library/cgi.rst @@ -349,10 +349,13 @@ algorithms implemented in this module in other circumstances. Convert the characters ``'&'``, ``'<'`` and ``'>'`` in string *s* to HTML-safe sequences. Use this if you need to display text that might contain such characters in HTML. If the optional flag *quote* is true, the quotation mark - character (``'"'``) is also translated; this helps for inclusion in an HTML - attribute value, as in ``<A HREF="...">``. If the value to be quoted might - include single- or double-quote characters, or both, consider using the - :func:`quoteattr` function in the :mod:`xml.sax.saxutils` module instead. + character (``"``) is also translated; this helps for inclusion in an HTML + attribute value delimited by double quotes, as in ``<a href="...">``. Note + that single quotes are never translated. + + If the value to be quoted might include single- or double-quote characters, + or both, consider using the :func:`quoteattr` function in the + :mod:`xml.sax.saxutils` module instead. .. _cgi-security: |
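Review bot: The added sentence "Note that single quotes are never translated" states the behaviour but not what it means for the caller, and it sits at the end of a paragraph where it is easy to miss. Suggest spelling out the consequence next to it, for example "so the result is not safe to place in an attribute value delimited by single quotes, even when *quote* is true", since the preceding added line already limits the benefit to attributes "delimited by double quotes". A smaller style point in the same hunk: the quotation mark is now written as ``"`` while the unchanged first sentence still uses the ``'&'``, ``'<'`` and ``'>'`` form, so the paragraph mixes two ways of writing a literal character; pick one for the whole description.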
