http://bugs.python.org/issue9061
On Tue, Jun 22, 2010 at 5:29 PM, Bill Janssen <jans...@parc.com> wrote:

> Craig Younkins <cyounk...@gmail.com> wrote:
>
> > cgi.escape never escapes single quote characters, which can easily lead to a
> > Cross-Site Scripting (XSS) vulnerability. This seems to be known by many,
> > but a quick search reveals many are using cgi.escape for HTML attribute
> > escaping.
>
> Did you file a bug report?
>
> Bill
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
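
The attribute-escaping gap reported in the quoted message, as an added example that is not part of the original thread: `legacy_cgi_escape` is a re-implementation of the `cgi.escape` behaviour described above (written here because the function is gone from current Python), and the `input` template and the constructed value `UNTRUSTED` are assumptions. The rendered tag is parsed back to check whether the value stayed inside its single-quoted attribute, next to `html.escape`, which does escape the single quote.

```python
from html import escape as html_escape
from html.parser import HTMLParser


def legacy_cgi_escape(s, quote=True):
    """Stand-in for cgi.escape: escapes &, <, > and (with quote) the double
    quote. The single quote is never touched, as the thread reports."""
    s = s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
    if quote:
        s = s.replace('"', "&quot;")
    return s


class AttrCollector(HTMLParser):
    """Records the attributes an HTML parser sees on the <input> tag."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = dict(attrs)


def render_and_parse(escape_fn, value):
    """Render value into a single-quoted attribute, then parse the result."""
    markup = "<input type='text' value='%s'>" % escape_fn(value)
    parser = AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def attribute_survives(escape_fn, value):
    """True only if the parser sees exactly the attributes the template
    intended, with the untrusted value intact inside `value`."""
    return render_and_parse(escape_fn, value) == {"type": "text", "value": value}


# Constructed sample input: closes the attribute and adds a harmless marker.
UNTRUSTED = "x' data-injected='1"

if __name__ == "__main__":
    for name, fn in (("legacy_cgi_escape", legacy_cgi_escape),
                     ("html.escape", html_escape)):
        print(name, attribute_survives(fn, UNTRUSTED), render_and_parse(fn, UNTRUSTED))
```

The same round-trip check can be used as a regression test for any template helper that places untrusted text in an attribute.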