Martin Panter added the comment:

The Python 3 documentation 
<https://docs.python.org/3/library/cgi.html#cgi.escape> says this is deprecated 
in favour of html.escape(), which by default has quote=True. AFAIK there is no 
equivalent in Python 2. See Issue 2830 for the addition of html.escape(), and 
also Issue 9061 about cgi.escape() introducing vulnerabilities.

----------
nosy: +martin.panter
title: cgi.escape() Can Lead To XSS and HTMLi Vulnerabilities -> cgi.escape() 
Can Lead To XSS and HTML Vulnerabilities

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue26398>
_______________________________________
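The difference described in the comment above, as an added example that is not part of the original message or of CPython. `legacy_escape` is a stand-in modelled on the documented behaviour of cgi.escape() (which is not available in current Python 3), and the `<input>` template and sample strings are constructed for illustration.

```python
import html
from html.parser import HTMLParser


def legacy_escape(s, quote=False):
    """Stand-in modelled on cgi.escape(): &, <, > always; '"' only if quote."""
    s = s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
    if quote:
        s = s.replace('"', "&quot;")  # single quotes are never touched
    return s


class _StartTagAttrs(HTMLParser):
    """Records the attribute names a parser sees on the <input> tag."""

    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.names = [name for name, _value in attrs]


def attribute_names(escape, value, q='"'):
    """Render value into an attribute delimited by q, then parse it back."""
    markup = "<input type={q}text{q} value={q}{v}{q}>".format(q=q, v=escape(value))
    parser = _StartTagAttrs()
    parser.feed(markup)
    parser.close()
    return parser.names


# Constructed sample inputs: each tries to close the attribute value early.
SAMPLE_DQ = 'x" onfocus="alert(1)'
SAMPLE_SQ = "x' onfocus='alert(1)"

if __name__ == "__main__":
    # Default legacy behaviour (quote=False): an extra attribute appears.
    print(attribute_names(legacy_escape, SAMPLE_DQ))
    # html.escape() defaults to quote=True: the value stays one attribute.
    print(attribute_names(html.escape, SAMPLE_DQ))
    # Legacy quote=True still leaves single-quoted attributes exposed.
    print(attribute_names(lambda s: legacy_escape(s, True), SAMPLE_SQ, q="'"))
    print(attribute_names(html.escape, SAMPLE_SQ, q="'"))
```

Any attribute name beyond `type` and `value` in the output means the escaped string broke out of the attribute value.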
_______________________________________________
Python-bugs-list mailing list