Index: Doc/howto/webservers.rst
===================================================================
--- Doc/howto/webservers.rst (revision 84337)
+++ Doc/howto/webservers.rst (working copy)
@@ -293,7 +293,7 @@
 # -*- coding: UTF-8 -*-
 import sys, os
- from cgi import escape
+ from html import escape
 from flup.server.fcgi import WSGIServer
 def app(environ, start_response):
Index: Doc/library/markup.rst
===================================================================
--- Doc/library/markup.rst (revision 84337)
+++ Doc/library/markup.rst (working copy)
@@ -20,6 +20,7 @@
 .. toctree::
+ html.rst
 html.parser.rst
 html.entities.rst
 pyexpat.rst
Index: Doc/library/html.rst
===================================================================
--- Doc/library/html.rst (revision 0)
+++ Doc/library/html.rst (revision 0)
@@ -0,0 +1,20 @@
+:mod:`html` --- HyperText Markup Language support
+=================================================
+
+.. module:: html
+ :synopsis: Helpers for manipulating HTML.
+
+This module defines a number of utilities to manipulate HTML.
+
+.. function:: escape(s, quote=False)
+
+ Convert the characters ``'&'``, ``'<'`` and ``'>'`` in string *s* to HTML-safe
+ sequences. Use this if you need to display text that might contain such
+ characters in HTML. If the optional flag *quote* is true, the quotation mark
+ character (``"``) is also translated; this helps for inclusion in an HTML
+ attribute value delimited by double quotes, as in ````. Note
+ that single quotes are never translated.
+
+ If the value to be quoted might include single- or double-quote characters,
+ or both, consider using the :func:`~xml.sax.saxutils.quoteattr` function in the
+ :mod:`xml.sax.saxutils` module instead.
Property changes on: Doc/library/html.rst
___________________________________________________________________
Added: svn:eol-style
 + native
Index: Doc/library/cgi.rst
===================================================================
--- Doc/library/cgi.rst (revision 84337)
+++ Doc/library/cgi.rst (working copy)
@@ -321,18 +321,10 @@
 .. function:: escape(s, quote=False)
- Convert the characters ``'&'``, ``'<'`` and ``'>'`` in string *s* to HTML-safe
- sequences. Use this if you need to display text that might contain such
- characters in HTML. If the optional flag *quote* is true, the quotation mark
- character (``"``) is also translated; this helps for inclusion in an HTML
- attribute value delimited by double quotes, as in ````. Note
- that single quotes are never translated.
+ This function is deprecated in this module. Use :func:`html.escape`
+ instead. It is maintained here only for backward compatibility.
- If the value to be quoted might include single- or double-quote characters,
- or both, consider using the :func:`~xml.sax.saxutils.quoteattr` function in the
- :mod:`xml.sax.saxutils` module instead.
-
 .. _cgi-security:
 Caring about security
Index: Lib/http/server.py
===================================================================
--- Lib/http/server.py (revision 84337)
+++ Lib/http/server.py (working copy)
@@ -84,7 +84,7 @@
 __all__ = ["HTTPServer", "BaseHTTPRequestHandler"]
-import cgi
+import html
 import email.message
 import email.parser
 import http.client
@@ -677,7 +677,7 @@
 return None
 list.sort(key=lambda a: a.lower())
 r = []
- displaypath = cgi.escape(urllib.parse.unquote(self.path))
+ displaypath = html.escape(urllib.parse.unquote(self.path))
 r.append('')
 r.append("\nDirectory listing for %s\n" % displaypath)
 r.append("\n

Directory listing for %s

\n" % displaypath) @@ -693,7 +693,7 @@ displayname = name + "@" # Note: a link to a directory displays with @ and links with / r.append('
  • %s\n' - % (urllib.parse.quote(linkname), cgi.escape(displayname))) + % (urllib.parse.quote(linkname), html.escape(displayname))) r.append("\n
    \n\n\n")
 enc = sys.getfilesystemencoding()
 encoded = ''.join(r).encode(enc)
Index: Lib/html/__init__.py
===================================================================
--- Lib/html/__init__.py (revision 84337)
+++ Lib/html/__init__.py (working copy)
@@ -1 +1,13 @@
-# This directory is a Python package.
+"""Helper functions for HTML manipulation."""
+
+def escape(s, quote=None):
+ """Replace special characters "&", "<" and ">" to HTML-safe sequences.
+ If the optional flag quote is true, the quotation mark character (")
+ is also translated."""
+ s = s.replace("&", "&") # Must be done first!
+ s = s.replace("<", "<")
+ s = s.replace(">", ">")
+ if quote:
+ s = s.replace('"', """)
+ s = s.replace('\'', "'")
+ return s
Index: Lib/cgi.py
===================================================================
--- Lib/cgi.py (revision 84337)
+++ Lib/cgi.py (working copy)
@@ -38,6 +38,7 @@
 import urllib.parse
 import email.parser
 from warnings import warn
+import html
 __all__ = ["MiniFieldStorage", "FieldStorage", "parse", "parse_qs", "parse_qsl", "parse_multipart",
@@ -899,15 +900,10 @@
 # =========
 def escape(s, quote=None):
- '''Replace special characters "&", "<" and ">" to HTML-safe sequences.
- If the optional flag quote is true, the quotation mark character (")
- is also translated.'''
- s = s.replace("&", "&") # Must be done first!
- s = s.replace("<", "<")
- s = s.replace(">", ">")
- if quote:
- s = s.replace('"', """)
- return s
+ """Deprecated API."""
+ warn("cgi.escape is deprecated, use html.escape instead",
+ PendingDeprecationWarning)
+ return html.escape(s, quote)
 def valid_boundary(s, _vb_pattern="^[ -~]{0,200}[!-~]$"):
 import re
Index: Lib/lib2to3/tests/test_util.py
===================================================================
--- Lib/lib2to3/tests/test_util.py (revision 84337)
+++ Lib/lib2to3/tests/test_util.py (working copy)
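Review bot: In Lib/html/__init__.py the new `escape` defaults to `quote=None`, so a plain `html.escape(s)` leaves `"` and `'` untouched and its result is not safe inside an HTML attribute value. Since the function is new in this patch, consider making the safe behaviour the default with `def escape(s, quote=True):`. The callers visible in this patch either pass the flag explicitly or, in Lib/http/server.py, use the result as element content, so the stricter default looks harmless to them. The docstring and Doc/library/html.rst also disagree with the code: both describe only the double quote (the .rst shows `quote=False` and says single quotes are never translated), while the `if quote:` branch also replaces `'\''`. The docstring should state that both `"` and `'` are translated when *quote* is true.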
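Review bot: The `warn(...)` call added to `cgi.escape` in Lib/cgi.py passes no `stacklevel`, so the PendingDeprecationWarning is attributed to cgi.py itself rather than to the code that still calls the deprecated function; use `warn("cgi.escape is deprecated, use html.escape instead", PendingDeprecationWarning, stacklevel=2)`. Because the wrapper now delegates to `html.escape`, `cgi.escape(s, True)` also translates single quotes, which the removed body did not. That output is the safer one, but the docstring `"""Deprecated API."""` and the cgi.rst entry should mention the difference for callers that compare escaped text exactly.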
@@ -568,8 +568,8 @@
 def test_from_import(self):
 node = parse('bar()')
- fixer_util.touch_import("cgi", "escape", node)
- self.assertEqual(str(node), 'from cgi import escape\nbar()\n\n')
+ fixer_util.touch_import("html", "escape", node)
+ self.assertEqual(str(node), 'from html import escape\nbar()\n\n')
 def test_name_import(self):
 node = parse('bar()')
Index: Lib/test/test_xml_etree.py
===================================================================
--- Lib/test/test_xml_etree.py (revision 84337)
+++ Lib/test/test_xml_etree.py (working copy)
@@ -12,7 +12,7 @@
 # except if the test is specific to the Python implementation.
 import sys
-import cgi
+import html
 import unittest
 from test import support
@@ -1319,7 +1319,7 @@

    Example.

    -""".format(cgi.escape(SIMPLE_XMLFILE, True)) +""".format(html.escape(SIMPLE_XMLFILE, True)) def xinclude_loader(href, parse="xml", encoding=None): try: