Message 261951 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	xiang.zhang
Recipients	martin.panter, xiang.zhang
Date	2016-03-18.07:37:19
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1458286640.12.0.32154090436.issue26585@psf.upfronthosting.co.za>
In-reply-to

Content
At first I also want to use html.escape(..., quote=False) since the spec only asks to escape quote signs in attribute. But after some search on Google, there are articles recommends escaping quote in content too: https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet

At first I also want to use html.escape(..., quote=False) since the spec only asks to escape quote signs in attribute. But after some search on Google, there are articles recommends escaping quote in content too: https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet

History
Date	User	Action	Args
2016-03-18 07:37:20	xiang.zhang	set	recipients: + xiang.zhang, martin.panter
2016-03-18 07:37:20	xiang.zhang	set	messageid: <1458286640.12.0.32154090436.issue26585@psf.upfronthosting.co.za>
2016-03-18 07:37:20	xiang.zhang	link	issue26585 messages
2016-03-18 07:37:19	xiang.zhang	create