Showing content from https://mail.python.org/pipermail/python-dev/2010-June/100966.html below:

[Python-Dev] Use of cgi.escape can lead to XSS vulnerabilities

Craig Younkins cyounkins at gmail.com
Wed Jun 23 17:51:31 CEST 2010
http://bugs.python.org/issue9061

On Tue, Jun 22, 2010 at 5:29 PM, Bill Janssen <janssen at parc.com> wrote:

> Craig Younkins <cyounkins at gmail.com> wrote:
>
> > cgi.escape never escapes single quote characters, which can easily lead to a
> > Cross-Site Scripting (XSS) vulnerability. This seems to be known by many,
> > but a quick search reveals many are using cgi.escape for HTML attribute
> > escaping.
>
> Did you file a bug report?
>
> Bill
>
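
Added example, not part of the original thread: the attribute-context gap described above, checked by parsing the rendered markup. `legacy_cgi_escape` is a re-implementation of the documented `cgi.escape` behaviour (the function was removed in Python 3.8), compared with the standard library's `html.escape`; the template and sample input are constructed.

```python
import html
from html.parser import HTMLParser

# Constructed sample input: a value containing single quotes.
SAMPLE = "x' data-injected='1"


def legacy_cgi_escape(s, quote=False):
    """Re-implementation of cgi.escape's documented behaviour (assumption:
    written here because cgi.escape no longer exists in Python 3.8+)."""
    s = s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
    if quote:
        s = s.replace('"', "&quot;")  # double quote only; ' is never escaped
    return s


class AttrCollector(HTMLParser):
    """Records the attributes of every start tag the parser sees."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def render_and_parse(escape_fn, user_value):
    """Place the escaped value in a single-quoted attribute (constructed
    template) and return the attributes an HTML parser actually sees."""
    markup = "<input value='{}'>".format(escape_fn(user_value))
    parser = AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.tags[0][1]


def attribute_breakout(escape_fn, user_value):
    """True if the value escaped its attribute and created extra ones."""
    return set(render_and_parse(escape_fn, user_value)) != {"value"}


if __name__ == "__main__":
    for name, fn in [("legacy_cgi_escape(quote=True)",
                      lambda s: legacy_cgi_escape(s, quote=True)),
                     ("html.escape", html.escape)]:
        print(name, render_and_parse(fn, SAMPLE),
              "breakout" if attribute_breakout(fn, SAMPLE) else "contained")
```
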