On Jun 22, 2010, at 5:14 PM, Craig Younkins wrote:

I suggest rewording the documentation for the method making it more clear what it should and should not be used for. I would like to see the method changed to properly escape single-quotes, but if it is not changed, the documentation should explicitly say this method does not make input safe for inclusion in HTML.

Well, it *does* make the input safe for inclusion in HTML...in a double-quoted attribute.

The docs could make it clearer that you should always use double-quotes around your attribute values when using it, though, I agree.
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
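
The distinction drawn in this exchange, shown as an added example that is not part of the original thread: a value escaped for `&`, `<`, `>` and `"` only stays inside a double-quoted attribute but not inside a single-quoted one. `escape_double_only` is a hypothetical stand-in for the method under discussion, the sample value is constructed, and `html.escape` (which escapes both quote characters) is included for comparison.

```python
from html import escape as html_escape
from html.parser import HTMLParser


def escape_double_only(s):
    """Hypothetical stand-in: escapes & < > and the double quote, but not the single quote."""
    return (s.replace("&", "&amp;").replace("<", "&lt;")
             .replace(">", "&gt;").replace('"', "&quot;"))


class _AttrCollector(HTMLParser):
    """Records the attributes of the first start tag the parser sees."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if self.attrs is None:
            self.attrs = dict(attrs)


def parsed_attrs(markup):
    """Parse markup the way a tolerant HTML parser would and return the tag's attributes."""
    parser = _AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.attrs


# Constructed input: a single quote followed by attribute-like text.
VALUE = "x' data-extra='1"


def render(escaper, quote_char, value=VALUE):
    """Place the escaped value in a title attribute delimited by quote_char."""
    return "<a title={q}{v}{q}>".format(q=quote_char, v=escaper(value))


def attribute_names(escaper, quote_char, value=VALUE):
    """Names of the attributes the parser actually sees on the rendered tag."""
    return sorted(parsed_attrs(render(escaper, quote_char, value)))


if __name__ == "__main__":
    for name, fn in (("double-only", escape_double_only), ("html.escape", html_escape)):
        for q in ('"', "'"):
            print(name, "quote=" + q, attribute_names(fn, q))
```

A result of `['title']` means the value stayed inside the attribute; any extra name means the value ended the attribute early.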