Movatterモバイル変換

Message261951

➜

This issue trackerhas been migrated toGitHub, and is currentlyread-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	xiang.zhang
Recipients	martin.panter, xiang.zhang
Date	2016-03-18.07:37:19
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1458286640.12.0.32154090436.issue26585@psf.upfronthosting.co.za>
In-reply-to

Content
At first I also want to use html.escape(..., quote=False) since the spec only asks to escape quote signs in attribute. But after some search on Google, there are articles recommends escaping quote in content too:https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet

Content

At first I also want to use html.escape(..., quote=False) since the spec only asks to escape quote signs in attribute. But after some search on Google, there are articles recommends escaping quote in content too:https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet

History
Date	User	Action	Args
2016-03-18 07:37:20	xiang.zhang	set	recipients: +xiang.zhang,martin.panter
2016-03-18 07:37:20	xiang.zhang	set	messageid: <1458286640.12.0.32154090436.issue26585@psf.upfronthosting.co.za>
2016-03-18 07:37:20	xiang.zhang	link	issue26585 messages
2016-03-18 07:37:19	xiang.zhang	create

Supported byThe Python Software Foundation,
Powered byRoundup