Diffstat (limited to 'Doc/library/cgi.rst')
-rw-r--r-- | Doc/library/cgi.rst | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/Doc/library/cgi.rst b/Doc/library/cgi.rst index 734031d..1e2498d 100644 --- a/Doc/library/cgi.rst +++ b/Doc/library/cgi.rst @@ -13,6 +13,10 @@ single: URL single: Common Gateway Interface +**Source code:** :source:`Lib/cgi.py` + +-------------- + Support module for Common Gateway Interface (CGI) scripts. This module defines a number of utilities for use by CGI scripts written in @@ -324,15 +328,13 @@ algorithms implemented in this module in other circumstances. Convert the characters ``'&'``, ``'<'`` and ``'>'`` in string *s* to HTML-safe sequences. Use this if you need to display text that might contain such characters in HTML. If the optional flag *quote* is true, the quotation mark - character (``'"'``) is also translated; this helps for inclusion in an HTML - attribute value, as in ``<A HREF="...">``. If the value to be quoted might - include single- or double-quote characters, or both, consider using the - :func:`~xml.sax.saxutils.quoteattr` function in the :mod:`xml.sax.saxutils` - module instead. + character (``"``) is also translated; this helps for inclusion in an HTML + attribute value delimited by double quotes, as in ``<a href="...">``. Note + that single quotes are never translated. - If the value to be quoted might include single- or double-quote characters, - or both, consider using the :func:`quoteattr` function in the - :mod:`xml.sax.saxutils` module instead. + .. deprecated:: 3.2 + This function is unsafe because *quote* is false by default, and therefore + deprecated. Use :func:`html.escape` instead. .. _cgi-security: 
@@ -510,8 +512,8 @@ Common problems and solutions .. rubric:: Footnotes -.. [#] Note that some recent versions of the HTML specification do state what order the - field values should be supplied in, but knowing whether a request was - received from a conforming browser, or even from a browser at all, is tedious - and error-prone. +.. [#] Note that some recent versions of the HTML specification do state what + order the field values should be supplied in, but knowing whether a request + was received from a conforming browser, or even from a browser at all, is + tedious and error-prone. |
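Review bot: In the cgi.escape hunk (@@ -324,15 +328,13 @@), the rewritten paragraph warns that single quotes are never translated but removes both pointers to :func:`~xml.sax.saxutils.quoteattr`, so a reader whose value may contain single quotes gets no guidance beyond the deprecation note. Suggest saying in the ``deprecated`` directive how :func:`html.escape` treats quote characters, or keeping one sentence that points to quoteattr. Two smaller points in the same hunk: the quotation mark literal changes from ``'"'`` to ``"`` while the paragraph still writes ``'&'``, ``'<'`` and ``'>'`` with surrounding quotes, so pick one style; and "This function is unsafe because *quote* is false by default, and therefore deprecated" reads more clearly as "This function is deprecated because *quote* is false by default, which makes it unsafe."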
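Review bot: The footnote hunk (@@ -510,8 +512,8 @@) is a pure re-wrap with no wording change and is unrelated to the cgi.escape deprecation. Suggest dropping it from this commit or sending it separately, so the history for this footnote is not tied to a documentation change it has nothing to do with.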