author | Georg Brandl <georg@python.org> | 2010-10-15 15:57:45 +0000 |
---|---|---|
committer | Georg Brandl <georg@python.org> | 2010-10-15 15:57:45 +0000 |
commit | 8741b8ecfd56c7b053a0f3f8009ec36167a6f69e (patch) | |
tree | a4c29d325df450da7b2f13ecb0ca3e455bbf224e /Lib/html | |
parent | 1aacb310b4dfc9b53372f7ab0e273330eee94e54 (diff) | |
download | cpython-8741b8ecfd56c7b053a0f3f8009ec36167a6f69e.tar.gz |
#2830: add html.escape() helper and move cgi.escape() uses in the standard library to it. It defaults to quote=True and also escapes single quotes, which makes casual use safer. The cgi.escape() interface is not touched, but emits a (silent) PendingDeprecationWarning.
Diffstat (limited to 'Lib/html')
-rw-r--r-- | Lib/html/__init__.py | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/Lib/html/__init__.py b/Lib/html/__init__.py
index 196d378857..335d214828 100644
--- a/Lib/html/__init__.py
+++ b/Lib/html/__init__.py
@@ -1 +1,20 @@
-# This directory is a Python package.
+"""
+General functions for HTML manipulation.
+"""
+
+
+_escape_map = {ord('&'): '&', ord('<'): '<', ord('>'): '>'}
+_escape_map_full = {ord('&'): '&', ord('<'): '<', ord('>'): '>',
+ ord('"'): '"', ord('\''): '''}
+
+# NB: this is a candidate for a bytes/string polymorphic interface
+
+def escape(s, quote=True):
+ """
+ Replace special characters "&", "<" and ">" to HTML-safe sequences.
+ If the optional flag quote is true (the default), the quotation mark
+ character (") is also translated.
+ """
+ if quote:
+ return s.translate(_escape_map_full)
+ return s.translate(_escape_map) |
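Review bot: The `escape()` docstring says only that the quotation mark (") is translated when `quote` is true, but `_escape_map_full` also has an entry for `ord('\'')`, so the single-quote escaping that the commit message advertises is undocumented. I would reword the last sentence to `If the optional flag quote is true (the default), both the double quote (") and the single quote (') are also translated.` and add a line saying the result is meant for element content and quoted attribute values, since escaping these five characters does not make a string safe in an unquoted attribute, a script block or a URL. The replacement strings appear on this page as the bare characters, presumably because the viewer decoded the entity references, so the mapped values themselves cannot be checked from here.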