Index: Doc/howto/webservers.rst
===================================================================
--- Doc/howto/webservers.rst (revision 84355)
+++ Doc/howto/webservers.rst (working copy)
@@ -293,7 +293,7 @@
# -*- coding: UTF-8 -*-
import sys, os
- from cgi import escape
+ from html import escape
from flup.server.fcgi import WSGIServer
def app(environ, start_response):
Index: Doc/library/markup.rst
===================================================================
--- Doc/library/markup.rst (revision 84355)
+++ Doc/library/markup.rst (working copy)
@@ -20,6 +20,7 @@
.. toctree::
+ html.rst
html.parser.rst
html.entities.rst
pyexpat.rst
Index: Doc/library/html.rst
===================================================================
--- Doc/library/html.rst (revision 0)
+++ Doc/library/html.rst (revision 0)
@@ -0,0 +1,15 @@
+:mod:`html` --- HyperText Markup Language support
+=================================================
+
+.. module:: html
+ :synopsis: Helpers for manipulating HTML.
+
+This module defines a number of utilities to manipulate HTML.
+
+.. function:: escape(s, quote=False)
+
+ Convert the characters ``'&'``, ``'<'`` and ``'>'`` in string *s* to HTML-safe
+ sequences. Use this if you need to display text that might contain such
+ characters in HTML. If the optional flag *quote* is true, the characters (``"``)
+ and (``'``) are also translated; this helps for inclusion in an HTML
+ attribute value delimited by quotes, as in ````.
Property changes on: Doc/library/html.rst
___________________________________________________________________
Added: svn:eol-style
+ native
Index: Doc/library/cgi.rst
===================================================================
--- Doc/library/cgi.rst (revision 84355)
+++ Doc/library/cgi.rst (working copy)
@@ -321,18 +321,10 @@
.. function:: escape(s, quote=False)
- Convert the characters ``'&'``, ``'<'`` and ``'>'`` in string *s* to HTML-safe
- sequences. Use this if you need to display text that might contain such
- characters in HTML. If the optional flag *quote* is true, the quotation mark
- character (``"``) is also translated; this helps for inclusion in an HTML
- attribute value delimited by double quotes, as in ````. Note
- that single quotes are never translated.
+ This function is deprecated in this module. Use :func:`html.escape`
+ instead. It is maintained here only for backward compatibility.
- If the value to be quoted might include single- or double-quote characters,
- or both, consider using the :func:`~xml.sax.saxutils.quoteattr` function in the
- :mod:`xml.sax.saxutils` module instead.
-
.. _cgi-security:
Caring about security
Index: Lib/http/server.py
===================================================================
--- Lib/http/server.py (revision 84355)
+++ Lib/http/server.py (working copy)
@@ -84,7 +84,7 @@
__all__ = ["HTTPServer", "BaseHTTPRequestHandler"]
-import cgi
+import html
import email.message
import email.parser
import http.client
@@ -677,7 +677,7 @@
return None
list.sort(key=lambda a: a.lower())
r = []
- displaypath = cgi.escape(urllib.parse.unquote(self.path))
+ displaypath = html.escape(urllib.parse.unquote(self.path))
r.append('')
r.append("\nDirectory listing for %s\n" % displaypath)
r.append("\nDirectory listing for %s
\n" % displaypath)
@@ -693,7 +693,7 @@
displayname = name + "@"
# Note: a link to a directory displays with @ and links with /
r.append('%s\n'
- % (urllib.parse.quote(linkname), cgi.escape(displayname)))
+ % (urllib.parse.quote(linkname), html.escape(displayname)))
r.append("\n
\n\n\n")
enc = sys.getfilesystemencoding()
encoded = ''.join(r).encode(enc)
Index: Lib/html/__init__.py
===================================================================
--- Lib/html/__init__.py (revision 84355)
+++ Lib/html/__init__.py (working copy)
@@ -1 +1,13 @@
-# This directory is a Python package.
+"""Helper functions for HTML manipulation."""
+
+def escape(s, quote=None):
+ """Replace special characters "&", "<" and ">" to HTML-safe sequences.
+ If the optional flag quote is true, the quotation mark character (")
+ is also translated."""
+ s = s.replace("&", "&") # Must be done first!
+ s = s.replace("<", "<")
+ s = s.replace(">", ">")
+ if quote:
+ s = s.replace('"', """)
+ s = s.replace('\'', "'")
+ return s
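Review bot: The new `escape` defaults to `quote=None`, so a caller that places the result inside a quoted attribute value gets `"` and `'` passed through unless it remembers to set the flag. Because this is a new API and `cgi.escape` forwards its own `quote` argument explicitly, `def escape(s, quote=True):` would be the safer contract and would leave the old wrapper's behaviour unchanged. The docstring is also stale: it says only the quotation mark (") is translated, while the code under `if quote:` also replaces the single quote, and Doc/library/html.rst in this patch gives the signature as `quote=False` rather than `None`. The replacement strings on the `s.replace` lines appear on this page with their entities already decoded, so they cannot be confirmed from here. A small test pinning the output for each of the five characters would settle that, and none is visible in this patch.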
Index: Lib/cgi.py
===================================================================
--- Lib/cgi.py (revision 84355)
+++ Lib/cgi.py (working copy)
@@ -38,6 +38,7 @@
import urllib.parse
import email.parser
from warnings import warn
+import html
__all__ = ["MiniFieldStorage", "FieldStorage",
"parse", "parse_qs", "parse_qsl", "parse_multipart",
@@ -899,15 +900,10 @@
# =========
def escape(s, quote=None):
- '''Replace special characters "&", "<" and ">" to HTML-safe sequences.
- If the optional flag quote is true, the quotation mark character (")
- is also translated.'''
- s = s.replace("&", "&") # Must be done first!
- s = s.replace("<", "<")
- s = s.replace(">", ">")
- if quote:
- s = s.replace('"', """)
- return s
+ """Deprecated API."""
+ warn("cgi.escape is deprecated, use html.escape instead",
+ PendingDeprecationWarning)
+ return html.escape(s, quote)
def valid_boundary(s, _vb_pattern="^[ -~]{0,200}[!-~]$"):
import re
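Review bot: The `warn(...)` call in the new `cgi.escape` body passes no `stacklevel`, so the warning is attributed to Lib/cgi.py rather than to the code that still calls the deprecated function. Pass `stacklevel=2`, i.e. `warn("cgi.escape is deprecated, use html.escape instead", PendingDeprecationWarning, stacklevel=2)`. The wrapper also changes output for existing callers that pass a true `quote`: `html.escape` in this patch replaces the single quote too, which the removed cgi documentation said never happened. That is the safer result for attribute values, but it deserves a sentence in the docstring in place of the bare `"""Deprecated API."""`.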
Index: Lib/lib2to3/tests/test_util.py
===================================================================
--- Lib/lib2to3/tests/test_util.py (revision 84355)
+++ Lib/lib2to3/tests/test_util.py (working copy)
@@ -568,8 +568,8 @@
def test_from_import(self):
node = parse('bar()')
- fixer_util.touch_import("cgi", "escape", node)
- self.assertEqual(str(node), 'from cgi import escape\nbar()\n\n')
+ fixer_util.touch_import("html", "escape", node)
+ self.assertEqual(str(node), 'from html import escape\nbar()\n\n')
def test_name_import(self):
node = parse('bar()')
Index: Lib/test/test_xml_etree.py
===================================================================
--- Lib/test/test_xml_etree.py (revision 84355)
+++ Lib/test/test_xml_etree.py (working copy)
@@ -12,7 +12,7 @@
# except if the test is specific to the Python implementation.
import sys
-import cgi
+import html
import unittest
from test import support
@@ -1319,7 +1319,7 @@
Example.
-""".format(cgi.escape(SIMPLE_XMLFILE, True))
+""".format(html.escape(SIMPLE_XMLFILE, True))
def xinclude_loader(href, parse="xml", encoding=None):
try: