Is there low hanging fruit for the following observation?  
The documentation of the python cgi module is vulnerable to XSS  
(cross site scripting)  
form = cgi.FieldStorage()  
print("<p>name:", form["name"].value)  
print("<p>addr:", form["addr"].value)  
First result on google for "tutorial python cgi"  
And it is almost the same as the python doc.  
I verified that setting ```name=<script>alert(document.domain)</script>```  
will trigger dialog, demonstrating javascript is executed  
on the cgi host.  
I would expect that devs who read the docs or tutorials will write  
vulnerable cgis.