Message 261951 - Python tracker
Message261951
| Author | xiang.zhang |
|---|---|
| Recipients | martin.panter, xiang.zhang |
| Date | 2016-03-18.07:37:19 |
| SpamBayes Score | -1.0 |
| Marked as misclassified | Yes |
| Message-id | <1458286640.12.0.32154090436.issue26585@psf.upfronthosting.co.za> |
| In-reply-to |
| Content | |
|---|---|
At first I also want to use html.escape(..., quote=False) since the spec only asks to escape quote signs in attribute. But after some search on Google, there are articles recommends escaping quote in content too: https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet |
|
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2016-03-18 07:37:20 | xiang.zhang | set | recipients: + xiang.zhang, martin.panter |
| 2016-03-18 07:37:20 | xiang.zhang | set | messageid: <1458286640.12.0.32154090436.issue26585@psf.upfronthosting.co.za> |
| 2016-03-18 07:37:20 | xiang.zhang | link | issue26585 messages |
| 2016-03-18 07:37:19 | xiang.zhang | create | |