Re: A critique of cgi.escape

2006-10-08 Thread Scott David Daniels
Lawrence D'Oliveiro wrote: > Another useful function is this: > > def JSString(Str) : > """returns a JavaScript string literal that evaluates to Str You can do this more simply: _map = {"\\" : "", "\"" : "\\\"", "\t" : "\\t", "\n" : "\\n"} def JSString(Str) :

Re: A critique of cgi.escape

2006-10-08 Thread Duncan Booth
Lawrence D'Oliveiro <[EMAIL PROTECTED]> wrote: > Another useful function is this: > > def JSString(Str) : > """returns a JavaScript string literal that evaluates to Str. > Note I'm not worrying about non-ASCII characters for now.""" Here is a shorter alternative that handles

Re: A critique of cgi.escape

2006-10-07 Thread Lawrence D'Oliveiro
Another useful function is this: def JSString(Str) : """returns a JavaScript string literal that evaluates to Str. Note I'm not worrying about non-ASCII characters for now.""" Result = [] for Ch in Str : if Ch == "\\" : Ch = ""

Re: A critique of cgi.escape

2006-09-29 Thread Magnus Lycka
Jon Ribbens wrote: > In article <[EMAIL PROTECTED]>, Fredrik Lundh wrote: >> maybe you haven't done software long enough to understand that >> software works better if you use it the way it was intended to be >> used, but that's no excuse for being stupid. > > So what's your excuse? If you don't

Re: A critique of cgi.escape

2006-09-28 Thread Duncan Booth
Lawrence D'Oliveiro <[EMAIL PROTECTED]> wrote: >> Also, because Python has a >> conservative policy on backwards incompatible changes, you are protected >> from some wanker going and changing the HTML safe mappings arbitrarily, >> say using numerical entity references instead of >, < and &. > >

Re: A critique of cgi.escape

2006-09-27 Thread Lawrence D'Oliveiro
In message <[EMAIL PROTECTED]>, Stuart Bishop wrote: > People also use that function to escape non-HTML too - if they are using > it as documented, and it produces the correct results for them, great. > Note that the documentation doesn't say that input has to be HTML, nor > that output must be us

Re: A critique of cgi.escape

2006-09-27 Thread Stuart Bishop
Jon Ribbens wrote: > In article <[EMAIL PROTECTED]>, Georg Brandl wrote: >>> I'm sorry, that's not good enough. How, precisely, would it break >>> "existing code"? Can you come up with an example, or even an >>> explanation of how it *could* break existing code? >> Is that so hard to see? If cgi.es

Re: A critique of cgi.escape

2006-09-27 Thread Duncan Booth
Brian Quinlan <[EMAIL PROTECTED]> wrote: > Actually, I wasn't kidding. I was basing this belief on grepping through > the Python standard library where only the quote=None form is ever used. > It also matches my experience. But I don't have a large enough sample to > make any claim either way. >

Re: A critique of cgi.escape

2006-09-27 Thread Jon Ribbens
In article <[EMAIL PROTECTED]>, Gabriel G wrote: > By example, I do not validate a "page". I validate that all methods > that make up pieces of a page, build them the way they should - these > are our "unit tests". Then, it's up to the templating library to join > all the pieces into the final h

Re: A critique of cgi.escape

2006-09-27 Thread Brian Quinlan
John Bokma wrote: >> Why cgi.escape should NOT be changed: >> o it is currently used in lots of code and changing it will almost >>certainly break some of it, test suites at minimum e.g. >>assert my_template_system("{foo}", foo='"') == '"' > > You must be kidding. Nope. How do you write you

Re: A critique of cgi.escape

2006-09-27 Thread Ben Finney
Georg Brandl <[EMAIL PROTECTED]> writes: > Anthony Baxter wrote: > >> I would really rather this were a discussion than an > >> argument. You will now no doubt reply telling me I wouldn't. > > The Complaints department is down the hall... > > Though some discussion participants seemingly want to s

Re: A critique of cgi.escape

2006-09-27 Thread Georg Brandl
Anthony Baxter wrote: >> I would really rather this were a discussion than an argument. You will >> now no doubt reply telling me I wouldn't. >> >> My posting was issued as a response to the irritation engendered by your >> argumentative style of debate. Your latest response simply proves that >> t

Re: A critique of cgi.escape

2006-09-26 Thread Anthony Baxter
> I would really rather this were a discussion than an argument. You will > now no doubt reply telling me I wouldn't. > > My posting was issued as a response to the irritation engendered by your > argumentative style of debate. Your latest response simply proves that > there is indeed no remark, ho

Re: A critique of cgi.escape

2006-09-26 Thread Steve Holden
Lawrence D'Oliveiro wrote: > In message <[EMAIL PROTECTED]>, Steve > Holden wrote: > > >>Lawrence D'Oliveiro wrote: >> >>>In message <[EMAIL PROTECTED]>, Georg Brandl wrote: >>> >>> >>> Lawrence D'Oliveiro wrote: >In message <[EMAIL PROTECTED]>, Georg Brandl wrote: > > >

Re: A critique of cgi.escape

2006-09-26 Thread George Sakkis
Lawrence D'Oliveiro wrote: > In message <[EMAIL PROTECTED]>, George > Sakkis wrote: > > > Lawrence D'Oliveiro wrote: > > > >> Fredrik Lundh wrote: > >> > you're not the designer... > >> > >> I don't have to be. Whoever the designer was, they had not properly > >> thought through the uses of this f

Re: A critique of cgi.escape

2006-09-26 Thread Lawrence D'Oliveiro
In message <[EMAIL PROTECTED]>, Fredrik Lundh wrote: > most HTML attributes cannot even contain things that would need > to be escaped ... sys.stdout.write \ ( "Email: \n" % QuoteHTML(WhateverTheUserPreviouslyTyped) )

Re: A critique of cgi.escape

2006-09-26 Thread John Bokma
Lawrence D'Oliveiro <[EMAIL PROTECTED]> wrote: > In message <[EMAIL PROTECTED]>, John Bokma > wrote: [..] >> ... href="/search.cgi?query=3&results=10" > > You _do_ realize that the "&" should be escaped as "&", don't you? And what's "/search.cgi?query=3&results=10"? An attribute value. Exac

Re: A critique of cgi.escape

2006-09-26 Thread Lawrence D'Oliveiro
In message <[EMAIL PROTECTED]>, George Sakkis wrote: > Lawrence D'Oliveiro wrote: > >> Fredrik Lundh wrote: >> > you're not the designer... >> >> I don't have to be. Whoever the designer was, they had not properly >> thought through the uses of this function. That's quite obvious already, >> to a

Re: A critique of cgi.escape

2006-09-26 Thread Lawrence D'Oliveiro
In message <[EMAIL PROTECTED]>, Gabriel G wrote: > At Tuesday 26/9/2006 04:16, Lawrence D'Oliveiro wrote: > >> >> >> What precisely do you think it would "break"? >> > FWIW, a *lot* of unit tests on *my* generated html code would break... >>Why did you write your code that way? > > Uhm, maybe be

Re: A critique of cgi.escape

2006-09-26 Thread Lawrence D'Oliveiro
In message <[EMAIL PROTECTED]>, Fredrik Lundh wrote: > Lawrence D'Oliveiro wrote: > >>> (cgi.escape(s, True) is slower than cgi.escape(s), for reasons that are >>> obvious for anyone who's looked at the code). >> >> What you're doing is adding to the reasons why the existing cgi.escape >> functio

Re: A critique of cgi.escape

2006-09-26 Thread Lawrence D'Oliveiro
In message <[EMAIL PROTECTED]>, Steve Holden wrote: > Lawrence D'Oliveiro wrote: >> In message <[EMAIL PROTECTED]>, Georg Brandl wrote: >> >> >>>Lawrence D'Oliveiro wrote: >>> In message <[EMAIL PROTECTED]>, Georg Brandl wrote: >Lawrence D'Oliveiro wrote: > >>In message

Re: A critique of cgi.escape

2006-09-26 Thread Lawrence D'Oliveiro
In message <[EMAIL PROTECTED]>, John Bokma wrote: > Brian Quinlan <[EMAIL PROTECTED]> wrote: > >> o escaping attribute values is less common than escaping element >>text > > Again, you must be kidding... I don't think Brian Quinlan was seriously trying to claim that was true, only that was

Re: A critique of cgi.escape

2006-09-26 Thread Lawrence D'Oliveiro
In message <[EMAIL PROTECTED]>, Fredrik Lundh wrote: > Jon Ribbens wrote: > >> This has nothing to do with character encodings. > > it has *everything* to do with encoding of existing data into HTML so it > can be safely transported to, and recreated by, an HTML-aware client. > > does the word

Re: A critique of cgi.escape

2006-09-26 Thread John Bokma
Brian Quinlan <[EMAIL PROTECTED]> wrote: > A summary of this pointless argument: > > Why cgi.escape should be changed to escape double quote (and maybe > single quote) characters by default: > o escaping should be very aggressive by default to avoid subtle bugs > o over-escaping is not likely

Re: A critique of cgi.escape

2006-09-26 Thread Gabriel G
At Tuesday 26/9/2006 12:53, Jon Ribbens wrote: > BTW, I am curious about how you do unit testing. The example that I used > in my summary is a very common pattern but would break if cgi.escape > changed its semantics. What do you do instead? To be honest I'm not sure what *sort* of code people

Re: A critique of cgi.escape

2006-09-26 Thread Gabriel G
At Tuesday 26/9/2006 04:16, Lawrence D'Oliveiro wrote: >> >> What precisely do you think it would "break"? > FWIW, a *lot* of unit tests on *my* generated html code would break... Why did you write your code that way? Uhm, maybe because I relied on the published documentation of a published s

Re: A critique of cgi.escape

2006-09-26 Thread Jon Ribbens
In article <[EMAIL PROTECTED]>, Brian Quinlan wrote: > If, in the example that I showed, the less-than character was not > correctly escaped, then it might not manifest itself frequently in a > typical application because the less-than character is seldom used in > English prose. OK, but effect

Re: A critique of cgi.escape

2006-09-26 Thread Brian Quinlan
Jon Ribbens wrote: > In article <[EMAIL PROTECTED]>, Brian Quinlan wrote: >> Well, there are dozens (hundreds?) of templating systems for Python. > > I know, I wrote one of them ;-) > >> t = Template("test.html") >> t['foo'] = 'Brian -> "Hi!"' >> assert str(t) == 'Brian -> "Hi"' >> >> So how wou

Re: A critique of cgi.escape

2006-09-26 Thread Fredrik Lundh
Brian Quinlan wrote: > I'd have to dig through the revision history to be sure, but I imagine > that cgi.escape was originally only used in the cgi module (and there > only in its various print_* functions). Then it started being used by > other core Python modules e.g. cgitb, DocXMLRPCServer.

Re: A critique of cgi.escape

2006-09-26 Thread Paul Boddie
Simon Brunning wrote: > On 26 Sep 2006 15:53:46 GMT, Jon Ribbens <[EMAIL PROTECTED]> wrote: > > To be honest I'm not sure what *sort* of code people test this way. It > > just doesn't seem appropriate at all for web page generating code. Web > > pages need to be manually viewed in web browsers, and

Re: A critique of cgi.escape

2006-09-26 Thread Jon Ribbens
In article <[EMAIL PROTECTED]>, Brian Quinlan wrote: > Well, there are dozens (hundreds?) of templating systems for Python. I know, I wrote one of them ;-) > t = Template("test.html") > t['foo'] = 'Brian -> "Hi!"' > assert str(t) == 'Brian -> "Hi"' > > So how would you test our template system?

Re: A critique of cgi.escape

2006-09-26 Thread Simon Brunning
On 26 Sep 2006 15:53:46 GMT, Jon Ribbens <[EMAIL PROTECTED]> wrote: > To be honest I'm not sure what *sort* of code people test this way. It > just doesn't seem appropriate at all for web page generating code. Web > pages need to be manually viewed in web browsers, and validated, and > checked for

Re: A critique of cgi.escape

2006-09-26 Thread Brian Quinlan
Jon Ribbens wrote: > I guess, if you mean the part of the thread which went "it'll break > existing code", "what existing code"? "existing code" "but what > existing code?" "i dunno, just, er, code" "ok *how* will it break it?" > "i dunno, it just will"? See below for a possible example. >> BTW,

Re: A critique of cgi.escape

2006-09-26 Thread Jon Ribbens
In article <[EMAIL PROTECTED]>, Brian Quinlan wrote: >> Your summary seems pretty reasonable, but please note that later on, >> the thread was not about cgi.escape escaping (or not) quote >> characters (as described in your summary), but about Fredrik arguing, >> somewhat incoherently, that it shou

Re: A critique of cgi.escape

2006-09-26 Thread Jon Ribbens
In article <[EMAIL PROTECTED]>, Fredrik Lundh wrote: > I know the answer. I'm pretty sure everyone else who's actually > read my posts to this thread might have figured it out by now, too. > But since you're still trying to "win" the debate, long after it's > over, I think it's safest to end this

Re: A critique of cgi.escape

2006-09-26 Thread Fredrik Lundh
Jon Ribbens wrote: > If you don't know the answer, you can say so y'know. I know the answer. I'm pretty sure everyone else who's actually read my posts to this thread might have figured it out by now, too. But since you're still trying to "win" the debate, long after it's over, I think it's sa

Re: A critique of cgi.escape

2006-09-26 Thread Jon Ribbens
In article <[EMAIL PROTECTED]>, Brian Quinlan wrote: > A summary of this pointless argument: Your summary seems pretty reasonable, but please note that later on, the thread was not about cgi.escape escaping (or not) quote characters (as described in your summary), but about Fredrik arguing, somewh

Re: A critique of cgi.escape

2006-09-26 Thread Fredrik Lundh
Jon Ribbens wrote: > I notice that yet again you've snipped the substantial point and > failed to answer it, presumably because you don't know how. cute. > What do XML Information Sets have to do with escaping control > characters in HTML? figure out the connection, and you'll have the answer t

Re: A critique of cgi.escape

2006-09-26 Thread Brian Quinlan
A summary of this pointless argument: Why cgi.escape should be changed to escape double quote (and maybe single quote) characters by default: o escaping should be very aggressive by default to avoid subtle bugs o over-escaping is not likely to harm most programs significantly o people who do no

Re: A critique of cgi.escape

2006-09-26 Thread Jon Ribbens
In article <[EMAIL PROTECTED]>, Fredrik Lundh wrote: >> What do XML Information Sets have to do with escaping control >> characters in HTML? > > figure out the connection, and you'll have the answer to your "substantial > point". If you don't know the answer, you can say so y'know. There's no sha

Re: A critique of cgi.escape

2006-09-26 Thread Fredrik Lundh
Jon Ribbens wrote: > It's a pity he's being rude when presented with well-informed comment > then. since when is the output of import random, sys messages = [ "that's irrelevant", "then their code is broken already", "that's not good enough", "then their t

Re: A critique of cgi.escape

2006-09-26 Thread Jon Ribbens
In article <[EMAIL PROTECTED]>, Fredrik Lundh wrote: >> This has nothing to do with character encodings. > > it has *everything* to do with encoding of existing data into HTML > so it can be safely transported to, and recreated by, an HTML-aware > client. I can't tell if you're disagreeing or not

Re: A critique of cgi.escape

2006-09-26 Thread Fredrik Lundh
Georg Brandl wrote: > It says "to HTML-safe sequences". That's reasonably clear without the need > to reproduce the exact replacements for each character. the same documentation tells people what function to use if they want to quote *every- thing* that might need to be quoted, so if people did

Re: A critique of cgi.escape

2006-09-26 Thread Steve Holden
Lawrence D'Oliveiro wrote: > In message <[EMAIL PROTECTED]>, Georg Brandl wrote: > > >>Lawrence D'Oliveiro wrote: >> >>>In message <[EMAIL PROTECTED]>, Georg Brandl wrote: >>> >>> Lawrence D'Oliveiro wrote: >In message <[EMAIL PROTECTED]>, Max M >wrote: > > >>Lawrence

Re: A critique of cgi.escape

2006-09-26 Thread Jon Ribbens
In article <[EMAIL PROTECTED]>, Fredrik Lundh wrote: >>> the same documentation tells people what function to use if they >>> want to quote *every-thing* that might need to be quoted, so if >>> people did actually understand everything that was written in a >>> reasonably clear way, this thread wou

Re: A critique of cgi.escape

2006-09-26 Thread Fredrik Lundh
Jon Ribbens wrote: > This has nothing to do with character encodings. it has *everything* to do with encoding of existing data into HTML so it can be safely transported to, and recreated by, an HTML-aware client. does the word "information set" mean anything to you?

Re: A critique of cgi.escape

2006-09-26 Thread Jon Ribbens
In article <[EMAIL PROTECTED]>, Fredrik Lundh wrote: > Jon Ribbens wrote: > >>> does the word "information set" mean anything to you? >> >> You would appear to be talking about either game theory, or XML, >> neither of which have anything to do with HTML. I notice that yet again you've snipped th

Re: A critique of cgi.escape

2006-09-26 Thread Paul Rubin
Brian Quinlan <[EMAIL PROTECTED]> writes: > o cgi.escape is not meant for serious web application development, What is it meant for then? Why should the library ever implement anything in a half-assed way unsuitable for serious application development, if it can supply a robust implementation ins

Re: A critique of cgi.escape

2006-09-26 Thread Jon Ribbens
In article <[EMAIL PROTECTED]>, Fredrik Lundh wrote: >> It's a pity he's being rude when presented with well-informed comment >> then. > > since when is the output of > [snip code] > > well-informed? heck, it doesn't even pass the turing test ;-) Since when did that bear any resemblance to wha

Re: A critique of cgi.escape

2006-09-26 Thread Georg Brandl
Lawrence D'Oliveiro wrote: > In message <[EMAIL PROTECTED]>, Georg Brandl wrote: > >> Lawrence D'Oliveiro wrote: >>> In message <[EMAIL PROTECTED]>, Georg Brandl wrote: >>> Lawrence D'Oliveiro wrote: > In message <[EMAIL PROTECTED]>, Max M > wrote: > >> Lawrence is right tha

Re: A critique of cgi.escape

2006-09-26 Thread Fredrik Lundh
Lawrence D'Oliveiro wrote: >> (cgi.escape(s, True) is slower than cgi.escape(s), for reasons that are >> obvious for anyone who's looked at the code). > > What you're doing is adding to the reasons why the existing cgi.escape > function is stupidly designed and implemented. The True case is by far

Re: A critique of cgi.escape

2006-09-26 Thread Christophe
Sion Arrowsmith wrote: > Jon Ribbens <[EMAIL PROTECTED]> wrote: >> In article <[EMAIL PROTECTED]>, Duncan Booth wrote: >>> I guess you've never seen anyone write tests which retrieve some generated >>> html and compare it against the expected value. If the page contains any >>> unescaped quot

Re: A critique of cgi.escape

2006-09-26 Thread Lawrence D'Oliveiro
In message <[EMAIL PROTECTED]>, Georg Brandl wrote: > Lawrence D'Oliveiro wrote: >> In message <[EMAIL PROTECTED]>, Georg Brandl wrote: >> >>> Lawrence D'Oliveiro wrote: In message <[EMAIL PROTECTED]>, Max M wrote: > Lawrence is right that the escape method doesn't work the wa

Re: A critique of cgi.escape

2006-09-26 Thread Fredrik Lundh
Jon Ribbens wrote: >> the same documentation tells people what function to use if they >> want to quote *every-thing* that might need to be quoted, so if >> people did actually understand everything that was written in a >> reasonably clear way, this thread wouldn't even exist. > > The fact that y

Re: A critique of cgi.escape

2006-09-26 Thread Jon Ribbens
In article <[EMAIL PROTECTED]>, Steve Holden wrote: >> Why do you say that? I have confined myself to simple logical >> arguments, and been frankly very restrained when presented with >> rudeness and misunderstanding from other thread participants. >> In what way should I have modified my postings?

Re: A critique of cgi.escape

2006-09-26 Thread Fredrik Lundh
Jon Ribbens wrote: >> does the word "information set" mean anything to you? > > You would appear to be talking about either game theory, or XML, > neither of which have anything to do with HTML. you see no connection between XML's concept of information set and HTML? (hint: what's XHTML?)

Re: A critique of cgi.escape

2006-09-26 Thread Jim
Jon Ribbens wrote: > You're right - I've never seen anyone do such a thing. It sounds like > a highly dubious and very fragile sort of test to me, of very limited > use. I have code that checks to see if my CGI scripts generate the pages that I expect. That code would break. (Whether I should n

Re: A critique of cgi.escape

2006-09-26 Thread Jon Ribbens
In article <[EMAIL PROTECTED]>, Fredrik Lundh wrote: > the same documentation tells people what function to use if they > want to quote *every-thing* that might need to be quoted, so if > people did actually understand everything that was written in a > reasonably clear way, this thread wouldn't ev

Re: A critique of cgi.escape

2006-09-26 Thread Steve Holden
Jon Ribbens wrote: > In article <[EMAIL PROTECTED]>, Steve Holden wrote: > >>>I would have hoped that people don't treat that as a licence to be >>>obnoxious, though. I am aware of Fredrik's history, which is why I >>>was somewhat surprised and disappointed that he was being so rude >>>and unpleas

Re: A critique of cgi.escape

2006-09-26 Thread Sion Arrowsmith
Jon Ribbens <[EMAIL PROTECTED]> wrote: >In article <[EMAIL PROTECTED]>, Duncan Booth wrote: >> I guess you've never seen anyone write tests which retrieve some generated >> html and compare it against the expected value. If the page contains any >> unescaped quotes then this change would break i

Re: A critique of cgi.escape

2006-09-26 Thread Georg Brandl
Lawrence D'Oliveiro wrote: > In message <[EMAIL PROTECTED]>, Georg Brandl wrote: > >> Lawrence D'Oliveiro wrote: >>> In message <[EMAIL PROTECTED]>, Max M wrote: >>> Lawrence is right that the escape method doesn't work the way he expects it to. Rewriting a library module sim

Re: A critique of cgi.escape

2006-09-26 Thread Jon Ribbens
In article <[EMAIL PROTECTED]>, Steve Holden wrote: >> I would have hoped that people don't treat that as a licence to be >> obnoxious, though. I am aware of Fredrik's history, which is why I >> was somewhat surprised and disappointed that he was being so rude >> and unpleasant in this thread. He i

Re: A critique of cgi.escape

2006-09-26 Thread Max M
Lawrence D'Oliveiro wrote: > In message <[EMAIL PROTECTED]>, Gabriel G > wrote: > >> At Monday 25/9/2006 11:08, Jon Ribbens wrote: >> > What precisely do you think it would "break"? existing code, and existing tests. >>> I'm sorry, that's not good enough. How, precisely, would it break >>

Re: A critique of cgi.escape

2006-09-26 Thread Lawrence D'Oliveiro
In message <[EMAIL PROTECTED]>, Dan Bishop wrote: > Lawrence D'Oliveiro wrote: >> In message <[EMAIL PROTECTED]>, Fredrik >> Lundh wrote: >> >> > Max M wrote: >> > >> >> It also makes the escaped html harder to read for standard cases. >> > >> > and slows things down a bit. >> > >> > (cgi.escape(

Re: A critique of cgi.escape

2006-09-26 Thread Lawrence D'Oliveiro
In message <[EMAIL PROTECTED]>, Georg Brandl wrote: > Lawrence D'Oliveiro wrote: >> In message <[EMAIL PROTECTED]>, Max M wrote: >> >>> Lawrence is right that the escape method doesn't work the way he expects >>> it to. >>> >>> Rewriting a library module simply because a developer is surprised i

Re: A critique of cgi.escape

2006-09-26 Thread Lawrence D'Oliveiro
In message <[EMAIL PROTECTED]>, Gabriel G wrote: > At Monday 25/9/2006 11:08, Jon Ribbens wrote: > >> >> What precisely do you think it would "break"? >> > >> > existing code, and existing tests. >> >>I'm sorry, that's not good enough. How, precisely, would it break >>"existing code"? Can you com

Re: A critique of cgi.escape

2006-09-26 Thread Lawrence D'Oliveiro
In message <[EMAIL PROTECTED]>, Georg Brandl wrote: > Lawrence D'Oliveiro wrote: >> In message <[EMAIL PROTECTED]>, Fredrik >> Lundh wrote: >> >>> Lawrence D'Oliveiro wrote: >>> > Georg Brandl wrote: > >> A function is broken if its implementation doesn't match the >> documentati

Re: A critique of cgi.escape

2006-09-26 Thread Georg Brandl
Lawrence D'Oliveiro wrote: > In message <[EMAIL PROTECTED]>, Fredrik > Lundh wrote: > >> Lawrence D'Oliveiro wrote: >> Georg Brandl wrote: > A function is broken if its implementation doesn't match the > documentation. or if it doesn't match the designer's intent. cgi

Re: A critique of cgi.escape

2006-09-26 Thread Georg Brandl
Lawrence D'Oliveiro wrote: > In message <[EMAIL PROTECTED]>, Max M wrote: > >> Lawrence is right that the escape method doesn't work the way he expects >> it to. >> >> Rewriting a library module simply because a developer is surprised is a >> *very* bad idea. > > I'm not surprised. Disappointed,

Re: A critique of cgi.escape

2006-09-26 Thread Brian Quinlan
Jon Ribbens wrote: > In article <[EMAIL PROTECTED]>, Brian Quinlan wrote: >> A summary of this pointless argument: > > Your summary seems pretty reasonable, but please note that later on, > the thread was not about cgi.escape escaping (or not) quote > characters (as described in your summary), but

Re: A critique of cgi.escape

2006-09-26 Thread George Sakkis
Lawrence D'Oliveiro wrote: > Fredrik Lundh wrote: > > you're not the designer... > > I don't have to be. Whoever the designer was, they had not properly thought > through the uses of this function. That's quite obvious already, to anybody > who works with HTML a lot. So the function is broken and

Re: A critique of cgi.escape

2006-09-26 Thread Brian Quinlan
Paul Rubin wrote: > Brian Quinlan <[EMAIL PROTECTED]> writes: >> o cgi.escape is not meant for serious web application development, > > What is it meant for then? Why should the library ever implement > anything in a half-assed way unsuitable for serious application > development, if it can suppl

Re: A critique of cgi.escape

2006-09-26 Thread Duncan Booth
Lawrence D'Oliveiro <[EMAIL PROTECTED]> wrote: > In message <[EMAIL PROTECTED]>, Duncan Booth > wrote: > >> If I have a unicode string such as: u'\u201d' (right double quote), >> then I want that encoded in my html as '”' (or ” but the >> numeric form is better). > > Right-double-quote is not a

Re: A critique of cgi.escape

2006-09-26 Thread Duncan Booth
Lawrence D'Oliveiro <[EMAIL PROTECTED]> wrote: >> (cgi.escape(s, True) is slower than cgi.escape(s), for reasons that >> are obvious for anyone who's looked at the code). > > What you're doing is adding to the reasons why the existing cgi.escape > function is stupidly designed and implemented. Th

Re: A critique of cgi.escape

2006-09-26 Thread Dan Bishop
Lawrence D'Oliveiro wrote: > In message <[EMAIL PROTECTED]>, Fredrik > Lundh wrote: > > > Max M wrote: > > > >> It also makes the escaped html harder to read for standard cases. > > > > and slows things down a bit. > > > > (cgi.escape(s, True) is slower than cgi.escape(s), for reasons that are > >

Re: A critique of cgi.escape

2006-09-25 Thread Steve Holden
Jon Ribbens wrote: > In article <[EMAIL PROTECTED]>, Brian Quinlan wrote: > >>>Now you're just being ridiculous. In this thread you have been rude, >>>evasive, insulting, vague, hypocritical, and have failed to answer >>>substantive points in favour of sarcastic and erroneous sniping - I'd >>>sugg

Re: A critique of cgi.escape

2006-09-25 Thread Gabriel G
At Monday 25/9/2006 11:08, Jon Ribbens wrote: >> What precisely do you think it would "break"? > > existing code, and existing tests. I'm sorry, that's not good enough. How, precisely, would it break "existing code"? Can you come up with an example, or even an explanation of how it *could* brea

Re: A critique of cgi.escape

2006-09-25 Thread Steven D'Aprano
On Mon, 25 Sep 2006 16:48:03 +0200, Max M wrote: > Any change in Python that has these consequences will rightfully be > considered a bug. So what you are suggesting is to knowingly introduce a > bug in the standard library! It isn't like there have never been backwards _in_compatible changes

Re: A critique of cgi.escape

2006-09-25 Thread Lawrence D'Oliveiro
In message <[EMAIL PROTECTED]>, Fredrik Lundh wrote: > Lawrence D'Oliveiro wrote: > >>> Georg Brandl wrote: >>> A function is broken if its implementation doesn't match the documentation. >>> >>> or if it doesn't match the designer's intent. cgi.escape is old enough >>> that we would h

Re: A critique of cgi.escape

2006-09-25 Thread Lawrence D'Oliveiro
In message <[EMAIL PROTECTED]>, Fredrik Lundh wrote: > In article <[EMAIL PROTECTED]>, Georg Brandl wrote: >>> I'm sorry, that's not good enough. How, precisely, would it break >>> "existing code"? Can you come up with an example, or even an >>> explanation of how it could break existing code? >>

Re: A critique of cgi.escape

2006-09-25 Thread Lawrence D'Oliveiro
In message <[EMAIL PROTECTED]>, Max M wrote: > Jon Ribbens wrote: >> In article <[EMAIL PROTECTED]>, Fredrik >> Lundh wrote: There's nothing to say that cgi.escape should take them both into account in the one function >>> so what exactly are you using cgi.escape for in your code ? >> >

Re: A critique of cgi.escape

2006-09-25 Thread Lawrence D'Oliveiro
In message <[EMAIL PROTECTED]>, Fredrik Lundh wrote: > Max M wrote: > >> It also makes the escaped html harder to read for standard cases. > > and slows things down a bit. > > (cgi.escape(s, True) is slower than cgi.escape(s), for reasons that are > obvious for anyone who's looked at the code)

Re: A critique of cgi.escape

2006-09-25 Thread Lawrence D'Oliveiro
In message <[EMAIL PROTECTED]>, Max M wrote: > Lawrence is right that the escape method doesn't work the way he expects > it to. > > Rewriting a library module simply because a developer is surprised is a > *very* bad idea. I'm not surprised. Disappointed, yes. Verging on disgust at some comment

Re: A critique of cgi.escape

2006-09-25 Thread Lawrence D'Oliveiro
In message <[EMAIL PROTECTED]>, Duncan Booth wrote: > If I have a unicode string such as: u'\u201d' (right double quote), then I > want that encoded in my html as '”' (or ” but the numeric form > is better). Right-double-quote is not an HTML special, so there's no need to quote it. I'm only conce

Re: A critique of cgi.escape

2006-09-25 Thread Jon Ribbens
In article <[EMAIL PROTECTED]>, Georg Brandl wrote: >> Here's a point for you - the documentation for cgi.escape says that >> the characters "&", "<" and ">" are converted, but not what they are >> converted to. > > It says "to HTML-safe sequences". That's reasonably clear without the need > to re

Re: A critique of cgi.escape

2006-09-25 Thread Dan Bishop
Fredrik Lundh wrote: > Jon Ribbens wrote: > > > Making cgi.escape always escape the '"' character would not break > > anything, and would probably fix a few bugs in existing code. Yes, > > those bugs are not cgi.escape's fault, but that's no reason not to > > be helpful. It's a minor improvement wi

Re: A critique of cgi.escape

2006-09-25 Thread Georg Brandl
Jon Ribbens wrote: > In article <[EMAIL PROTECTED]>, Max M wrote: >> Oh ... because you cannot see a use case for that *documented* >> behaviour, it must certainly be wrong? > > No, but if nobody else can find one either, that's a clue that maybe > it's safe to change. > > Here's a point for you

Re: A critique of cgi.escape

2006-09-25 Thread Jon Ribbens
In article <[EMAIL PROTECTED]>, Brian Quinlan wrote: >> Now you're just being ridiculous. In this thread you have been rude, >> evasive, insulting, vague, hypocritical, and have failed to answer >> substantive points in favour of sarcastic and erroneous sniping - I'd >> suggest it's you that needs

Re: A critique of cgi.escape

2006-09-25 Thread Brian Quinlan
Jon Ribbens wrote: > In article <[EMAIL PROTECTED]>, Fredrik Lundh wrote: >>> It's up to me to decide whether or not an argument is good enough to >>> convince me, thank you very much. >> not if you expect anyone to take anything you say seriously. > > Now you're just being ridiculous. In this thr

Re: A critique of cgi.escape

2006-09-25 Thread Jon Ribbens
In article <[EMAIL PROTECTED]>, Fredrik Lundh wrote: >> It's up to me to decide whether or not an argument is good enough to >> convince me, thank you very much. > > not if you expect anyone to take anything you say seriously. Now you're just being ridiculous. In this thread you have been rude, e

Re: A critique of cgi.escape

2006-09-25 Thread Fredrik Lundh
Jon Ribbens wrote: > It's up to me to decide whether or not an argument is good enough to > convince me, thank you very much. not if you expect anyone to take anything you say seriously.

Re: A critique of cgi.escape

2006-09-25 Thread Jon Ribbens
In article <[EMAIL PROTECTED]>, Filip Salomonsson wrote: >> Here's a point for you - the documentation for cgi.escape says that >> the characters "&", "<" and ">" are converted, but not what they are >> converted to. > > If the documentation isn't clear enough, that means the documentation > shoul

Re: A critique of cgi.escape

2006-09-25 Thread Jon Ribbens
In article <[EMAIL PROTECTED]>, Fredrik Lundh wrote: >> Sorry, that's still not good enough. > > that's not up to you to decide, though. It's up to me to decide whether or not an argument is good enough to convince me, thank you very much.

Re: A critique of cgi.escape

2006-09-25 Thread Filip Salomonsson
On 25 Sep 2006 15:13:30 GMT, Jon Ribbens <[EMAIL PROTECTED]> wrote: > > Here's a point for you - the documentation for cgi.escape says that > the characters "&", "<" and ">" are converted, but not what they are > converted to. If the documentation isn't clear enough, that means the documentation s

Re: A critique of cgi.escape

2006-09-25 Thread Jon Ribbens
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote: >> I'm sorry, that's not good enough. How, precisely, would it break >> "existing code"? > > ('owdo Mr. Ribbens!) Good afternoon Mr Glover ;-) > URI= 'http://www.oreilly.com/' > html= cgi.escape(text) > html= html.replace('O\'R

Re: A critique of cgi.escape

2006-09-25 Thread Fredrik Lundh
Jon Ribbens wrote: > Sorry, that's still not good enough. that's not up to you to decide, though.

Re: A critique of cgi.escape

2006-09-25 Thread Duncan Booth
Jon Ribbens <[EMAIL PROTECTED]> wrote: > In article <[EMAIL PROTECTED]>, Georg Brandl wrote: >>> I'm sorry, that's not good enough. How, precisely, would it break >>> "existing code"? Can you come up with an example, or even an >>> explanation of how it *could* break existing code? >> >> Is that

Re: A critique of cgi.escape

2006-09-25 Thread Jon Ribbens
In article <[EMAIL PROTECTED]>, Max M wrote: > Oh ... because you cannot see a use case for that *documented* > behaviour, it must certainly be wrong? No, but if nobody else can find one either, that's a clue that maybe it's safe to change. Here's a point for you - the documentation for cgi.esca

Re: A critique of cgi.escape

2006-09-25 Thread and-google
Jon Ribbens wrote: > I'm sorry, that's not good enough. How, precisely, would it break > "existing code"? ('owdo Mr. Ribbens!) It's possible there could be software that relies on ' not being escaped, for example: # Auto-markup links to O'Reilly, everyone's favourite # example name with

Re: A critique of cgi.escape

2006-09-25 Thread Jon Ribbens
In article <[EMAIL PROTECTED]>, Max M wrote: >> I'm sorry, that's not good enough. How, precisely, would it break >> "existing code"? Can you come up with an example, or even an >> explanation of how it *could* break existing code? > > Some examples are: > > - Possibly any code that tests for str
