Craig Younkins <cyounk...@gmail.com> wrote: > cgi.escape never escapes single quote characters, which can easily lead to a > Cross-Site Scripting (XSS) vulnerability. This seems to be known by many, > but a quick search reveals many are using cgi.escape for HTML attribute > escaping.
Did you file a bug report? Bill _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com