6 files changed, 24 insertions, 24 deletions

diff --git a/paste/evalexception/middleware.py b/paste/evalexception/middleware.py
index da7876d..f41a4f5 100644
--- a/paste/evalexception/middleware.py
+++ b/paste/evalexception/middleware.py
@@ -29,7 +29,7 @@ from __future__ import print_function
 
 import sys
 import os
-import cgi
+import html
 import traceback
 import six
 from six.moves import cStringIO as StringIO
@@ -54,7 +54,7 @@ def html_quote(v):
     """
     if v is None:
         return ''
-    return cgi.escape(str(v), 1)
+    return html.escape(str(v), 1)
 
 def preserve_whitespace(v, quote=True):
     """
@@ -527,7 +527,7 @@ def format_eval_html(exc_data, base_path, counter):
     <div id="text_version" class="hidden-data">
     <textarea style="width: 100%%" rows=10 cols=60>%s</textarea>
     </div>
-    """ % (short_er, full_traceback_html, cgi.escape(text_er))
+    """ % (short_er, full_traceback_html, html.escape(text_er))
 
 def make_repost_button(environ):
     url = request.construct_url(environ)
diff --git a/paste/exceptions/formatter.py b/paste/exceptions/formatter.py
index 09309de..3be07ef 100644
--- a/paste/exceptions/formatter.py
+++ b/paste/exceptions/formatter.py
@@ -7,13 +7,13 @@ Formatters for the exception data that comes from ExceptionCollector.
 # @@: TODO:
 # Use this: http://www.zope.org/Members/tino/VisualTraceback/VisualTracebackNews
 
-import cgi
+import html
 import six
 import re
 from paste.util import PySourceColor
 
 def html_quote(s):
-    return cgi.escape(str(s), True)
+    return html.escape(str(s), True)
 
 class AbstractFormatter(object):
 
@@ -463,7 +463,7 @@ def format_html(exc_data, include_hidden_frames=False, **ops):
     <div id="text_version" class="hidden-data">
     <textarea style="width: 100%%" rows=10 cols=60>%s</textarea>
     </div>
-    """ % (short_er, long_er, cgi.escape(text_er))
+    """ % (short_er, long_er, html.escape(text_er))
 
 def format_text(exc_data, **ops):
     return TextFormatter(**ops).format_collected_data(exc_data)
diff --git a/paste/url.py b/paste/url.py
index fb08d6d..653c657 100644
--- a/paste/url.py
+++ b/paste/url.py
@@ -5,7 +5,7 @@
 This module implements a class for handling URLs.
 """
 from six.moves.urllib.parse import parse_qsl, quote, unquote, urlencode
-import cgi
+import html
 from paste import request
 import six
 
@@ -17,7 +17,7 @@ __all__ = ["URL", "Image"]
 def html_quote(v):
     if v is None:
         return ''
-    return cgi.escape(str(v), 1)
+    return html.escape(str(v), 1)
 
 def url_quote(v):
     if v is None:
@@ -274,7 +274,7 @@ class URL(URLResource):
     >>> u['//foo'].param(content='view').html
     '<a href="http://localhost/view/foo">view</a>'
     >>> u.param(confirm='Really?', content='goto').html
-    '<a href="http://localhost/view" onclick="return confirm(\'Really?\')">goto</a>'
+    '<a href="http://localhost/view" onclick="return confirm(&#x27;Really?&#x27;)">goto</a>'
     >>> u(title='See "it"', content='goto').html
     '<a href="http://localhost/view?title=See+%22it%22">goto</a>'
     >>> u('another', var='fuggetaboutit', content='goto').html
@@ -373,7 +373,7 @@ class Button(URLResource):
     >>> u = u / 'delete'
     >>> b = u.button['confirm=Sure?'](id=5, content='del')
     >>> str(b)
-    '<button onclick="if (confirm(\'Sure?\')) {location.href=\'/delete?id=5\'}; return false">del</button>'
+    '<button onclick="if (confirm(&#x27;Sure?&#x27;)) {location.href=&#x27;/delete?id=5&#x27;}; return false">del</button>'
     """
 
     default_params = {'tag': 'button'}
@@ -417,7 +417,7 @@ class JSPopup(URLResource):
     >>> u = u / 'view'
     >>> j = u.js_popup(content='view')
     >>> j.html
-    '<a href="/view" onclick="window.open(\'/view\', \'_blank\'); return false" target="_blank">view</a>'
+    '<a href="/view" onclick="window.open(&#x27;/view&#x27;, &#x27;_blank&#x27;); return false" target="_blank">view</a>'
     """
 
     default_params = {'tag': 'a', 'target': '_blank'}
diff --git a/paste/urlmap.py b/paste/urlmap.py
index f721f2d..4ba19c1 100644
--- a/paste/urlmap.py
+++ b/paste/urlmap.py
@@ -6,7 +6,7 @@ Map URL prefixes to WSGI applications.  See ``URLMap``
 
 import re
 import os
-import cgi
+import html
 try:
     # Python 3
     from collections import MutableMapping as DictMixin
@@ -114,12 +114,12 @@ class URLMap(DictMixin):
                 ',\n  '.join(map(repr, matches)))
         else:
             extra = ''
-        extra += '\nSCRIPT_NAME: %r' % cgi.escape(environ.get('SCRIPT_NAME'))
-        extra += '\nPATH_INFO: %r' % cgi.escape(environ.get('PATH_INFO'))
-        extra += '\nHTTP_HOST: %r' % cgi.escape(environ.get('HTTP_HOST'))
+        extra += '\nSCRIPT_NAME: %r' % html.escape(environ.get('SCRIPT_NAME'))
+        extra += '\nPATH_INFO: %r' % html.escape(environ.get('PATH_INFO'))
+        extra += '\nHTTP_HOST: %r' % html.escape(environ.get('HTTP_HOST'))
         app = httpexceptions.HTTPNotFound(
             environ['PATH_INFO'],
-            comment=cgi.escape(extra)).wsgi_application
+            comment=html.escape(extra)).wsgi_application
         return app(environ, start_response)
 
     def normalize_url(self, url, trim=True):
diff --git a/paste/util/quoting.py b/paste/util/quoting.py
index df0d9da..c1f635f 100644
--- a/paste/util/quoting.py
+++ b/paste/util/quoting.py
@@ -1,7 +1,7 @@
 # (c) 2005 Ian Bicking and contributors; written for Paste (http://pythonpaste.org)
 # Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
 
-import cgi
+import html
 import six
 import re
 from six.moves import html_entities
@@ -22,17 +22,17 @@ def html_quote(v, encoding=None):
     if v is None:
         return ''
     elif isinstance(v, six.binary_type):
-        return cgi.escape(v, 1)
+        return html.escape(v, 1)
     elif isinstance(v, six.text_type):
         if six.PY3:
-            return cgi.escape(v, 1)
+            return html.escape(v, 1)
         else:
-            return cgi.escape(v.encode(encoding), 1)
+            return html.escape(v.encode(encoding), 1)
     else:
         if six.PY3:
-            return cgi.escape(six.text_type(v), 1)
+            return html.escape(six.text_type(v), 1)
         else:
-            return cgi.escape(six.text_type(v).encode(encoding), 1)
+            return html.escape(six.text_type(v).encode(encoding), 1)
 
 _unquote_re = re.compile(r'&([a-zA-Z]+);')
 def _entity_subber(match, name2c=html_entities.name2codepoint):
diff --git a/paste/util/template.py b/paste/util/template.py
index 5a63664..c1f22f3 100644
--- a/paste/util/template.py
+++ b/paste/util/template.py
@@ -33,7 +33,7 @@ If there are syntax errors ``TemplateError`` will be raised.
 import re
 import six
 import sys
-import cgi
+from html import escape
 from six.moves.urllib.parse import quote
 from paste.util.looper import looper
 
@@ -322,7 +322,7 @@ def html_quote(value):
             value = unicode(value)
         else:
             value = str(value)
-    value = cgi.escape(value, 1)
+    value = escape(value, 1)
     if six.PY2 and isinstance(value, unicode):
         value = value.encode('ascii', 'xmlcharrefreplace')
     return value