author | Georg Brandl <georg@python.org> | 2010-10-15 15:57:45 (GMT) |
---|---|---|
committer | Georg Brandl <georg@python.org> | 2010-10-15 15:57:45 (GMT) |
commit | 1f7fffb308390d10a2c6a4ec624f18cfeef97aeb (patch) | |
tree | 65e2437904ba089004c69c77b49e5059623b83fb /Lib/cgi.py | |
parent | 70543acfa1bce2e5f448d8d0085df595bfa9a2f9 (diff) | |
#2830: add html.escape() helper and move cgi.escape() uses in the standard library to it. It defaults to quote=True and also escapes single quotes, which makes casual use safer. The cgi.escape() interface is not touched, but emits a (silent) PendingDeprecationWarning.
Diffstat (limited to 'Lib/cgi.py')
-rwxr-xr-x | Lib/cgi.py | 25 |
1 files changed, 13 insertions, 12 deletions
@@ -31,13 +31,13 @@ __version__ = "2.6" # Imports # ======= -from operator import attrgetter from io import StringIO import sys import os import urllib.parse import email.parser from warnings import warn +import html __all__ = ["MiniFieldStorage", "FieldStorage", "parse", "parse_qs", "parse_qsl", "parse_multipart", @@ -800,8 +800,8 @@ def print_exception(type=None, value=None, tb=None, limit=None): list = traceback.format_tb(tb, limit) + \ traceback.format_exception_only(type, value) print("<PRE>%s<B>%s</B></PRE>" % ( - escape("".join(list[:-1])), - escape(list[-1]), + html.escape("".join(list[:-1])), + html.escape(list[-1]), )) del tb @@ -812,7 +812,7 @@ def print_environ(environ=os.environ): print("<H3>Shell Environment:</H3>") print("<DL>") for key in keys: - print("<DT>", escape(key), "<DD>", escape(environ[key])) + print("<DT>", html.escape(key), "<DD>", html.escape(environ[key])) print("</DL>") print() @@ -825,10 +825,10 @@ def print_form(form): print("<P>No form fields.") print("<DL>") for key in keys: - print("<DT>" + escape(key) + ":", end=' ') + print("<DT>" + html.escape(key) + ":", end=' ') value = form[key] - print("<i>" + escape(repr(type(value))) + "</i>") - print("<DD>" + escape(repr(value))) + print("<i>" + html.escape(repr(type(value))) + "</i>") + print("<DD>" + html.escape(repr(value))) print("</DL>") print() @@ -839,9 +839,9 @@ def print_directory(): try: pwd = os.getcwd() except os.error as msg: - print("os.error:", escape(str(msg))) + print("os.error:", html.escape(str(msg))) else: - print(escape(pwd)) + print(html.escape(pwd)) print() def print_arguments(): 
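Review bot: The print_environ hunk still writes every environment variable, key and value, into the response, and print_exception does the same with the full traceback; html.escape() stops markup injection but does nothing about what is disclosed. Since these lines are being touched anyway, I would add a comment at the top of each helper such as `# Debugging aid only: dumps process state to the client; do not call from a deployed script.` Both function bodies start outside their hunks, so check whether the docstrings already say this.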
@@ -899,9 +899,9 @@ environment as well. Here are some common variable names: # ========= def escape(s, quote=None): - '''Replace special characters "&", "<" and ">" to HTML-safe sequences. - If the optional flag quote is true, the quotation mark character (") - is also translated.''' + """Deprecated API.""" + warn("cgi.escape is deprecated, use html.escape instead", + PendingDeprecationWarning, stacklevel=2) s = s.replace("&", "&") # Must be done first! s = s.replace("<", "<") s = s.replace(">", ">") @@ -909,6 +909,7 @@ def escape(s, quote=None): s = s.replace('"', """) return s + def valid_boundary(s, _vb_pattern="^[ -~]{0,200}[!-~]$"): import re return re.match(_vb_pattern, s) |
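Review bot: The new docstring `"""Deprecated API."""` on escape() removes the only statement of what the function leaves unescaped. Going by the removed docstring, the double quote is translated only when quote is true, and nothing visible here handles the single quote, so with the default quote=None the result is not safe inside an HTML attribute value. Because PendingDeprecationWarning is silent by default, existing callers get no hint of that difference from html.escape(). I would keep a short docstring that says so, e.g. `"""Deprecated, use html.escape(). Escapes &, < and >; the double quote only if quote is true; never the single quote."""`. The line guarding the quote replacement falls between this hunk and the next and is not shown, so confirm it is unchanged.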