Lawrence D'Oliveiro [EMAIL PROTECTED] wrote:
Another useful function is this:
def JSString(Str) :
returns a JavaScript string literal that evaluates to Str.
Note I'm not worrying about non-ASCII characters for now.
snip
Here is a shorter alternative that handles
Lawrence D'Oliveiro wrote:
Another useful function is this:
def JSString(Str) :
returns a JavaScript string literal that evaluates to Str
You can do this more simply:
_map = {\\ : , \ : \\\, \t : \\t, \n : \\n}
def JSString(Str) :
mapped =
Another useful function is this:
def JSString(Str) :
returns a JavaScript string literal that evaluates to Str. Note
I'm not worrying about non-ASCII characters for now.
Result = []
for Ch in Str :
if Ch == \\ :
Ch =
Jon Ribbens wrote:
In article [EMAIL PROTECTED], Fredrik Lundh wrote:
maybe you haven't done software long enough to understand that
software works better if you use it the way it was intended to be
used, but that's no excuse for being stupid.
So what's your excuse?
If you don't like
Lawrence D'Oliveiro [EMAIL PROTECTED] wrote:
Also, because Python has a
conservative policy on backwards incompatible changes, you are protected
from some wanker going and changing the HTML safe mappings arbitrarily,
say using numerical entity references instead of gt;, lt; and amp;.
Why
Anthony Baxter wrote:
I would really rather this were a discussion than an argument. You will
now no doubt reply telling me I wouldn't.
My posting was issued as a response to the irritation engendered by your
argumentative style of debate. Your latest response simply proves that
there is
Georg Brandl [EMAIL PROTECTED] writes:
Anthony Baxter wrote:
I would really rather this were a discussion than an
argument. You will now no doubt reply telling me I wouldn't.
The Complaints department is down the hall...
Though some discussion participants seemingly want to stay for more
John Bokma wrote:
Why cgi.escape should NOT be changed:
o it is current used in lots of code and changing it will almost
certainly break some of it, test suites at minimum e.g.
assert my_template_system(p{foo}/p, foo='') == 'p/p'
You must be kidding.
Nope. How do you write your
In article [EMAIL PROTECTED], Gabriel G wrote:
By example, I do not validate a page. I validate that all methods
that make up pieces of a page, build them the way they should - these
are our unit tests. Then, it's up to the templating library to join
all the pieces into the final html page.
Brian Quinlan [EMAIL PROTECTED] wrote:
Actually, I wasn't kidding. I was basing this belief on greping through
the Python standard library where only the quote=None form is ever used.
It also matches my experience. But I don't have a large enough sample to
make any claim either way.
A
Jon Ribbens wrote:
In article [EMAIL PROTECTED], Georg Brandl wrote:
I'm sorry, that's not good enough. How, precisely, would it break
existing code? Can you come up with an example, or even an
explanation of how it *could* break existing code?
Is that so hard to see? If cgi.escape replaced '
In message [EMAIL PROTECTED], Stuart
Bishop wrote:
People also use that function to escape non-HTML too - if they are using
it as documented, and it produces the correct results for them, great.
Note that the documentation doesn't say that input has to be HTML, nor
that output must be used as
At Monday 25/9/2006 11:08, Jon Ribbens wrote:
What precisely do you think it would break?
existing code, and existing tests.
I'm sorry, that's not good enough. How, precisely, would it break
existing code? Can you come up with an example, or even an
explanation of how it *could* break
Jon Ribbens wrote:
In article [EMAIL PROTECTED], Brian Quinlan wrote:
Now you're just being ridiculous. In this thread you have been rude,
evasive, insulting, vague, hypocritical, and have failed to answer
substantive points in favour of sarcastic and erroneous sniping - I'd
suggest it's you
Lawrence D'Oliveiro wrote:
In message [EMAIL PROTECTED], Fredrik
Lundh wrote:
Max M wrote:
It also makes the escaped html harder to read for standard cases.
and slows things down a bit.
(cgi.escape(s, True) is slower than cgi.escape(s), for reasons that are
obvious for anyone
Lawrence D'Oliveiro [EMAIL PROTECTED] wrote:
(cgi.escape(s, True) is slower than cgi.escape(s), for reasons that
are obvious for anyone who's looked at the code).
What you're doing is adding to the reasons why the existing cgi.escape
function is stupidly designed and implemented. The True
Lawrence D'Oliveiro [EMAIL PROTECTED] wrote:
In message [EMAIL PROTECTED], Duncan Booth
wrote:
If I have a unicode string such as: u'\u201d' (right double quote),
then I want that encoded in my html as '#8221;' (or rdquo; but the
numeric form is better).
Right-double-quote is not an
Paul Rubin wrote:
Brian Quinlan [EMAIL PROTECTED] writes:
o cgi.escape is not meant for serious web application development,
What is it meant for then? Why should the library ever implement
anything in a half-assed way unsuitable for serious application
development, if it can supply a
Lawrence D'Oliveiro wrote:
Fredrik Lundh wrote:
you're not the designer...
I don't have to be. Whoever the designer was, they had not properly thought
through the uses of this function. That's quite obvious already, to anybody
who works with HTML a lot. So the function is broken and needs
Jon Ribbens wrote:
In article [EMAIL PROTECTED], Brian Quinlan wrote:
A summary of this pointless argument:
Your summary seems pretty reasonable, but please note that later on,
the thread was not about cgi.escape escaping (or not) quote
characters (as described in your summary), but about
Lawrence D'Oliveiro wrote:
In message [EMAIL PROTECTED], Max M wrote:
Lawrence is right that the escape method doesn't work the way he expects
it to.
Rewriting a library module simply because a developer is surprised is a
*very* bad idea.
I'm not surprised. Disappointed, yes. Verging
In message [EMAIL PROTECTED], Georg Brandl wrote:
Lawrence D'Oliveiro wrote:
In message [EMAIL PROTECTED], Fredrik
Lundh wrote:
Lawrence D'Oliveiro wrote:
Georg Brandl wrote:
A function is broken if its implementation doesn't match the
documentation.
or if it doesn't match the
In message [EMAIL PROTECTED], Gabriel G
wrote:
At Monday 25/9/2006 11:08, Jon Ribbens wrote:
What precisely do you think it would break?
existing code, and existing tests.
I'm sorry, that's not good enough. How, precisely, would it break
existing code? Can you come up with an example,
In message [EMAIL PROTECTED], Georg Brandl wrote:
Lawrence D'Oliveiro wrote:
In message [EMAIL PROTECTED], Max M wrote:
Lawrence is right that the escape method doesn't work the way he expects
it to.
Rewriting a library module simply because a developer is surprised is a
*very* bad
Lawrence D'Oliveiro wrote:
In message [EMAIL PROTECTED], Fredrik
Lundh wrote:
Lawrence D'Oliveiro wrote:
Georg Brandl wrote:
A function is broken if its implementation doesn't match the
documentation.
or if it doesn't match the designer's intent. cgi.escape is old enough
that we
In article [EMAIL PROTECTED], Steve Holden wrote:
I would have hoped that people don't treat that as a licence to be
obnoxious, though. I am aware of Fredrik's history, which is why I
was somewhat surprised and disappointed that he was being so rude
and unpleasant in this thread. He is not
Jon Ribbens [EMAIL PROTECTED] wrote:
In article [EMAIL PROTECTED], Duncan Booth wrote:
I guess you've never seen anyone write tests which retrieve some generated
html and compare it against the expected value. If the page contains any
unescaped quotes then this change would break it.
You're
Lawrence D'Oliveiro wrote:
In message [EMAIL PROTECTED], Georg Brandl wrote:
Lawrence D'Oliveiro wrote:
In message [EMAIL PROTECTED], Max M wrote:
Lawrence is right that the escape method doesn't work the way he expects
it to.
Rewriting a library module simply because a developer is
Jon Ribbens wrote:
In article [EMAIL PROTECTED], Steve Holden wrote:
I would have hoped that people don't treat that as a licence to be
obnoxious, though. I am aware of Fredrik's history, which is why I
was somewhat surprised and disappointed that he was being so rude
and unpleasant in this
Jon Ribbens wrote:
You're right - I've never seen anyone do such a thing. It sounds like
a highly dubious and very fragile sort of test to me, of very limited
use.
I have code that checks to see if my CGI scripts generate the pages
that I expect. That code would break. (Whether I should not
In article [EMAIL PROTECTED], Fredrik Lundh wrote:
the same documentation tells people what function to use if they
want to quote *every-thing* that might need to be quoted, so if
people did actually understand everything that was written in a
reasonably clear way, this thread wouldn't even
Jon Ribbens wrote:
does the word information set mean anything to you?
You would appear to be talking about either game theory, or XML,
neither of which have anything to do with HTML.
you see no connection between XML's concept of information set and
HTML? (hint: what's XHTML?)
/F
--
Jon Ribbens wrote:
the same documentation tells people what function to use if they
want to quote *every-thing* that might need to be quoted, so if
people did actually understand everything that was written in a
reasonably clear way, this thread wouldn't even exist.
The fact that you don't
In article [EMAIL PROTECTED], Steve Holden wrote:
Why do you say that? I have confined myself to simple logical
arguments, and been frankly very restrained when presented with
rudeness and misunderstanding from other thread participants.
In what way should I have modified my postings?
In message [EMAIL PROTECTED], Georg Brandl wrote:
Lawrence D'Oliveiro wrote:
In message [EMAIL PROTECTED], Georg Brandl wrote:
Lawrence D'Oliveiro wrote:
In message [EMAIL PROTECTED], Max M
wrote:
Lawrence is right that the escape method doesn't work the way he
expects it to.
Sion Arrowsmith a écrit :
Jon Ribbens [EMAIL PROTECTED] wrote:
In article [EMAIL PROTECTED], Duncan Booth wrote:
I guess you've never seen anyone write tests which retrieve some generated
html and compare it against the expected value. If the page contains any
unescaped quotes then this
Lawrence D'Oliveiro wrote:
(cgi.escape(s, True) is slower than cgi.escape(s), for reasons that are
obvious for anyone who's looked at the code).
What you're doing is adding to the reasons why the existing cgi.escape
function is stupidly designed and implemented. The True case is by far the
Lawrence D'Oliveiro wrote:
In message [EMAIL PROTECTED], Georg Brandl wrote:
Lawrence D'Oliveiro wrote:
In message [EMAIL PROTECTED], Georg Brandl wrote:
Lawrence D'Oliveiro wrote:
In message [EMAIL PROTECTED], Max M
wrote:
Lawrence is right that the escape method doesn't work the way
In article [EMAIL PROTECTED], Fredrik Lundh wrote:
It's a pity he's being rude when presented with well-informed comment
then.
since when is the output of
[snip code]
well-informed? heck, it doesn't even pass the turing test ;-)
Since when did that bear any resemblance to what I have
Brian Quinlan [EMAIL PROTECTED] writes:
o cgi.escape is not meant for serious web application development,
What is it meant for then? Why should the library ever implement
anything in a half-assed way unsuitable for serious application
development, if it can supply a robust implementation
In article [EMAIL PROTECTED], Fredrik Lundh wrote:
the same documentation tells people what function to use if they
want to quote *every-thing* that might need to be quoted, so if
people did actually understand everything that was written in a
reasonably clear way, this thread wouldn't even
Lawrence D'Oliveiro wrote:
In message [EMAIL PROTECTED], Georg Brandl wrote:
Lawrence D'Oliveiro wrote:
In message [EMAIL PROTECTED], Georg Brandl wrote:
Lawrence D'Oliveiro wrote:
In message [EMAIL PROTECTED], Max M
wrote:
Lawrence is right that the escape method doesn't work the way
Jon Ribbens wrote:
This has nothing to do with character encodings.
it has *everything* to do with encoding of existing data into HTML so it can be
safely transported to, and recreated by, an HTML-aware client.
does the word information set mean anything to you?
/F
--
In article [EMAIL PROTECTED], Fredrik Lundh wrote:
This has nothing to do with character encodings.
it has *everything* to do with encoding of existing data into HTML
so it can be safely transported to, and recreated by, an HTML-aware
client.
I can't tell if you're disagreeing or not. You
A summary of this pointless argument:
Why cgi.escape should be changed to escape double quote (and maybe
single quote) characters by default:
o escaping should be very aggressive by default to avoid subtle bugs
o over-escaping is not likely to harm most program significantly
o people who do
In article [EMAIL PROTECTED], Brian Quinlan wrote:
A summary of this pointless argument:
Your summary seems pretty reasonable, but please note that later on,
the thread was not about cgi.escape escaping (or not) quote
characters (as described in your summary), but about Fredrik arguing,
somewhat
Jon Ribbens wrote:
If you don't know the answer, you can say so y'know.
I know the answer. I'm pretty sure everyone else who's actually read my posts
to this thread might have figured it out by now, too. But since you're still
trying
to win the debate, long after it's over, I think it's
In article [EMAIL PROTECTED], Fredrik Lundh wrote:
I know the answer. I'm pretty sure everyone else who's actually
read my posts to this thread might have figured it out by now, too.
But since you're still trying to win the debate, long after it's
over, I think it's safest to end this thread
Jon Ribbens wrote:
I notice that yet again you've snipped the substantial point and
failed to answer it, presumably because you don't know how.
cute.
What do XML Information Sets have to do with escaping control
characters in HTML?
figure out the connection, and you'll have the answer to
In article [EMAIL PROTECTED], Brian Quinlan wrote:
Your summary seems pretty reasonable, but please note that later on,
the thread was not about cgi.escape escaping (or not) quote
characters (as described in your summary), but about Fredrik arguing,
somewhat incoherently, that it should have
In article [EMAIL PROTECTED], Fredrik Lundh wrote:
Jon Ribbens wrote:
does the word information set mean anything to you?
You would appear to be talking about either game theory, or XML,
neither of which have anything to do with HTML.
I notice that yet again you've snipped the substantial
Georg Brandl wrote:
It says to HTML-safe sequences. That's reasonably clear without the need
to reproduce the exact replacements for each character.
the same documentation tells people what function to use if they want to quote
*every-
thing* that might need to be quoted, so if people did
In article [EMAIL PROTECTED], Fredrik Lundh wrote:
What do XML Information Sets have to do with escaping control
characters in HTML?
figure out the connection, and you'll have the answer to your substantial
point.
If you don't know the answer, you can say so y'know. There's no shame
in it.
Jon Ribbens wrote:
It's a pity he's being rude when presented with well-informed comment
then.
since when is the output of
import random, sys
messages = [
that's irrelevant,
then their code is broken already,
that's not good enough,
then their tests are
Lawrence D'Oliveiro skrev:
In message [EMAIL PROTECTED], Gabriel G
wrote:
At Monday 25/9/2006 11:08, Jon Ribbens wrote:
What precisely do you think it would break?
existing code, and existing tests.
I'm sorry, that's not good enough. How, precisely, would it break
existing code? Can you
In message [EMAIL PROTECTED], Dan
Bishop wrote:
Lawrence D'Oliveiro wrote:
In message [EMAIL PROTECTED], Fredrik
Lundh wrote:
Max M wrote:
It also makes the escaped html harder to read for standard cases.
and slows things down a bit.
(cgi.escape(s, True) is slower than
Jon Ribbens wrote:
I guess, if you mean the part of the thread which went it'll break
existing code, what existing code? existing code but what
existing code? i dunno, just, er, code ok *how* will it break it?
i dunno, it just will?
See below for a possible example.
BTW, I am curious about
On 26 Sep 2006 15:53:46 GMT, Jon Ribbens [EMAIL PROTECTED] wrote:
To be honest I'm not sure what *sort* of code people test this way. It
just doesn't seem appropriate at all for web page generating code. Web
pages need to be manually viewed in web browsers, and validated, and
checked for
In article [EMAIL PROTECTED], Brian Quinlan wrote:
Well, there are dozens (hundreds?) of templating systems for Python.
I know, I wrote one of them ;-)
t = Template(test.html)
t['foo'] = 'Brian - Hi!'
assert str(t) == 'pBrian -gt; Hi/p'
So how would you test our template system?
What I
Simon Brunning wrote:
On 26 Sep 2006 15:53:46 GMT, Jon Ribbens [EMAIL PROTECTED] wrote:
To be honest I'm not sure what *sort* of code people test this way. It
just doesn't seem appropriate at all for web page generating code. Web
pages need to be manually viewed in web browsers, and
Brian Quinlan wrote:
I'd have to dig through the revision history to be sure, but I imagine
that cgi.escape was originally only used in the cgi module (and there
only in it's various print_* functions). Then it started being used by
other core Python modules e.g. cgitb, DocXMLRPCServer.
Jon Ribbens wrote:
In article [EMAIL PROTECTED], Brian Quinlan wrote:
Well, there are dozens (hundreds?) of templating systems for Python.
I know, I wrote one of them ;-)
t = Template(test.html)
t['foo'] = 'Brian - Hi!'
assert str(t) == 'pBrian -gt; Hi/p'
So how would you test our
In article [EMAIL PROTECTED], Brian Quinlan wrote:
If, in the example that I showed, the less-than character was not
correctly escaped, then it might not manifest itself frequently in a
typical application because the less-than character is seldom used in
English prose.
OK, but effectively
At Tuesday 26/9/2006 04:16, Lawrence D'Oliveiro wrote:
What precisely do you think it would break?
FWIW, a *lot* of unit tests on *my* generated html code would break...
Why did you write your code that way?
Uhm, maybe because I relied on the published documentation of a
published
At Tuesday 26/9/2006 12:53, Jon Ribbens wrote:
BTW, I am curious about how you do unit testing. The example that I used
in my summary is a very common pattern but would break in cgi.escape
changed it's semantics. What do you do instead?
To be honest I'm not sure what *sort* of code people
Brian Quinlan [EMAIL PROTECTED] wrote:
A summary of this pointless argument:
Why cgi.escape should be changed to escape double quote (and maybe
single quote) characters by default:
o escaping should be very aggressive by default to avoid subtle bugs
o over-escaping is not likely to
In message [EMAIL PROTECTED], Fredrik
Lundh wrote:
Jon Ribbens wrote:
This has nothing to do with character encodings.
it has *everything* to do with encoding of existing data into HTML so it
can be safely transported to, and recreated by, an HTML-aware client.
does the word
In message [EMAIL PROTECTED], John Bokma wrote:
Brian Quinlan [EMAIL PROTECTED] wrote:
o escaping attribute values is less common than escaping element
text
Again, you must be kidding...
I don't think Brian Quinlan was seriously trying to claim that was true,
only that was the
In message [EMAIL PROTECTED], Steve
Holden wrote:
Lawrence D'Oliveiro wrote:
In message [EMAIL PROTECTED], Georg Brandl wrote:
Lawrence D'Oliveiro wrote:
In message [EMAIL PROTECTED], Georg Brandl wrote:
Lawrence D'Oliveiro wrote:
In message [EMAIL PROTECTED], Max M
wrote:
Lawrence is
In message [EMAIL PROTECTED], Fredrik
Lundh wrote:
Lawrence D'Oliveiro wrote:
(cgi.escape(s, True) is slower than cgi.escape(s), for reasons that are
obvious for anyone who's looked at the code).
What you're doing is adding to the reasons why the existing cgi.escape
function is stupidly
In message [EMAIL PROTECTED], Gabriel G
wrote:
At Tuesday 26/9/2006 04:16, Lawrence D'Oliveiro wrote:
What precisely do you think it would break?
FWIW, a *lot* of unit tests on *my* generated html code would break...
Why did you write your code that way?
Uhm, maybe because I relied on
In message [EMAIL PROTECTED], George
Sakkis wrote:
Lawrence D'Oliveiro wrote:
Fredrik Lundh wrote:
you're not the designer...
I don't have to be. Whoever the designer was, they had not properly
thought through the uses of this function. That's quite obvious already,
to anybody who works
Lawrence D'Oliveiro [EMAIL PROTECTED] wrote:
In message [EMAIL PROTECTED], John Bokma
wrote:
[..]
... href=/search.cgi?query=3results=10
You _do_ realize that the should be escaped as amp;, don't you?
And what's /search.cgi?query=3results=10? An attribute value. Exactly
my point.
In message [EMAIL PROTECTED], Fredrik
Lundh wrote:
most HTML attributes cannot even contain things that would need
to be escaped ...
sys.stdout.write \
(
Email: INPUT TYPE=\TEXT\ NAME=\email_address\ VALUE=\%s\\n
%
QuoteHTML(WhateverTheUserPreviouslyTyped)
)
--
Lawrence D'Oliveiro wrote:
In message [EMAIL PROTECTED], George
Sakkis wrote:
Lawrence D'Oliveiro wrote:
Fredrik Lundh wrote:
you're not the designer...
I don't have to be. Whoever the designer was, they had not properly
thought through the uses of this function. That's quite
Lawrence D'Oliveiro wrote:
In message [EMAIL PROTECTED], Steve
Holden wrote:
Lawrence D'Oliveiro wrote:
In message [EMAIL PROTECTED], Georg Brandl wrote:
Lawrence D'Oliveiro wrote:
In message [EMAIL PROTECTED], Georg Brandl wrote:
Lawrence D'Oliveiro wrote:
In message [EMAIL
I would really rather this were a discussion than an argument. You will
now no doubt reply telling me I wouldn't.
My posting was issued as a response to the irritation engendered by your
argumentative style of debate. Your latest response simply proves that
there is indeed no remark, however
In message [EMAIL PROTECTED], Fredrik
Lundh wrote:
Georg Brandl wrote:
A function is broken if its implementation doesn't match the
documentation.
or if it doesn't match the designer's intent. cgi.escape is old enough
that we would have noticed that, by now...
_We_ certainly have
Lawrence D'Oliveiro wrote:
Georg Brandl wrote:
A function is broken if its implementation doesn't match the
documentation.
or if it doesn't match the designer's intent. cgi.escape is old enough
that we would have noticed that, by now...
_We_ certainly have noticed it.
you're not the
Jon Ribbens wrote:
Or if the design, as described in the documentation, is flawed in some
way.
it does exactly what it says, and is perfectly usable as is, if you bother to
use it the way it was intended to be used.
(still waiting for the jon's enhanced escape proposal, btw, but I guess it's
Jon Ribbens wrote:
since it doesn't deal with encodings at all.
Why does it need to? cgi.escape is (or should be) dealing with
character strings, not byte sequences. I must admit,
internationalisation is not my forte, so if there's something
I'm missing here I'd love to hear about it.
If
In article [EMAIL PROTECTED], Fredrik Lundh wrote:
maybe you haven't done software long enough to understand that
software works better if you use it the way it was intended to be
used, but that's no excuse for being stupid.
So what's your excuse?
--
In article [EMAIL PROTECTED], Fredrik Lundh wrote:
If you're really serious about making things easier to use, shouldn't
you look at the whole picture? HTML documents are byte streams, so
any transformation from internal character data to HTML must take both
escaping and encoding into
Jon Ribbens [EMAIL PROTECTED] wrote:
and will also break unit tests.
Er, so change the unit tests at the same time?
It is generally a principle of Python that new releases maintain backward
compatability. An incompatible change such proposed here would probably
break many tests for a large
In article [EMAIL PROTECTED], Fredrik Lundh wrote:
(still waiting for the jon's enhanced escape proposal, btw, but I guess it's
easier to piss on others than to actually contribute something useful).
Well, yes, you certainly seem to be good at the pissing on others
part, even if you have to lie
Jon Ribbens wrote:
There's nothing to say that cgi.escape should take them both into account
in the one function
so what exactly are you using cgi.escape for in your code ?
What precisely do you think it would break?
existing code, and existing tests.
/F
--
Fredrik Lundh skrev:
Jon Ribbens wrote:
By the way, if you could try and put across your proposed arguments as
to why you don't favour this suggested change without the insults and
general rudeness, it would be appreciated.
I've already explained that, but since you're convinced that your
In article [EMAIL PROTECTED], Duncan Booth wrote:
It is generally a principle of Python that new releases maintain backward
compatability. An incompatible change such proposed here would probably
break many tests for a large number of people.
Why is the suggested change incompatible? What
In article [EMAIL PROTECTED], Fredrik Lundh wrote:
There's nothing to say that cgi.escape should take them both into account
in the one function
so what exactly are you using cgi.escape for in your code ?
To escape characters so that they will be treated as character data
and not control
Max M wrote:
It also makes the escaped html harder to read for standard cases.
and slows things down a bit.
(cgi.escape(s, True) is slower than cgi.escape(s), for reasons that are
obvious for anyone who's looked at the code).
/F
--
http://mail.python.org/mailman/listinfo/python-list
Jon Ribbens wrote:
In article [EMAIL PROTECTED], Fredrik Lundh wrote:
There's nothing to say that cgi.escape should take them both into account
in the one function
so what exactly are you using cgi.escape for in your code ?
To escape characters so that they will be treated as character
Jon Ribbens [EMAIL PROTECTED] wrote:
In article [EMAIL PROTECTED], Duncan Booth
wrote:
It is generally a principle of Python that new releases maintain
backward compatability. An incompatible change such proposed here
would probably break many tests for a large number of people.
Why is
In article [EMAIL PROTECTED], Georg Brandl wrote:
I'm sorry, that's not good enough. How, precisely, would it break
existing code? Can you come up with an example, or even an
explanation of how it *could* break existing code?
Is that so hard to see? If cgi.escape replaced ' with an entity
Jon Ribbens skrev:
In article [EMAIL PROTECTED], Fredrik Lundh wrote:
There's nothing to say that cgi.escape should take them both into account
in the one function
so what exactly are you using cgi.escape for in your code ?
To escape characters so that they will be treated as character data
In article [EMAIL PROTECTED], Duncan Booth wrote:
I guess you've never seen anyone write tests which retrieve some generated
html and compare it against the expected value. If the page contains any
unescaped quotes then this change would break it.
You're right - I've never seen anyone do
Jon Ribbens skrev:
In article [EMAIL PROTECTED], Georg Brandl wrote:
I'm sorry, that's not good enough. How, precisely, would it break
existing code? Can you come up with an example, or even an
explanation of how it *could* break existing code?
Is that so hard to see? If cgi.escape replaced '
In article [EMAIL PROTECTED], Max M wrote:
I'm sorry, that's not good enough. How, precisely, would it break
existing code? Can you come up with an example, or even an
explanation of how it *could* break existing code?
Some examples are:
- Possibly any code that tests for string equality
Jon Ribbens wrote:
I'm sorry, that's not good enough. How, precisely, would it break
existing code?
('owdo Mr. Ribbens!)
It's possible there could be software that relies on ' not being
escaped, for example:
# Auto-markup links to O'Reilly, everyone's favourite
# example name with an
In article [EMAIL PROTECTED], Max M wrote:
Oh ... because you cannot see a use case for that *documented*
behaviour, it must certainly be wrong?
No, but if nobody else can find one either, that's a clue that maybe
it's safe to change.
Here's a point for you - the documentation for cgi.escape
Jon Ribbens [EMAIL PROTECTED] wrote:
In article [EMAIL PROTECTED], Georg Brandl wrote:
I'm sorry, that's not good enough. How, precisely, would it break
existing code? Can you come up with an example, or even an
explanation of how it *could* break existing code?
Is that so hard to see? If
1 - 100 of 132 matches
Mail list logo