The documentation of the python cgi module is vulnerable to XSS
(cross site scripting)
https://docs.python.org/3/li Is there low hanging fruit for the following observation?
The documentation of the python cgi module is vulnerable to XSS
(cross site scripting)
https://docs.python.org/3/library/cgi.html
```
form = cgi.FieldStorage()
print("<p>name:", form["name"].value)
print("<p>addr:", form["addr"].value)
```
First result on google for "tutorial python cgi"
is https://www.tutorialspoint.com/python/python_cgi_programming.htm
And it is almost the same as the python doc.
I verified that setting ```name=<script>alert(document.domain)</script>```
will trigger dialog, demonstrating javascript is executed
on the cgi host.
I would expect that devs who read the docs or tutorials will write
vulnerable cgis.