This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author labrat
Recipients BreamoreBoy, Tomalak, ajaksu2, devon, effbot, ezio.melotti, labrat, moriyoshi
Date 2010-08-03.10:32:02
SpamBayes Score 0.00015085643
Marked as misclassified No
Message-id <1280831524.19.0.422574703523.issue5752@psf.upfronthosting.co.za>
In-reply-to
Content
And while we're at it, we should also

   .replace('&', '&amp;').replace('"', "&quot;").replace('<', '&lt;')

which would have to go at the beginning to avoid double-escaping the '&'.

We could use xml.sax.saxutils.escape to do all the escaping rather than chaining replaces:

   data = escape(data, {'"':'&quot;', '\r':'&#xD;', '\n':'&#xA;', '\t':'&#x9;'})

which also escapes '>' (not strictly required for attribute values, but shouldn't be harmful either).
History
Date User Action Args
2010-08-03 10:32:04labratsetrecipients: + labrat, effbot, ajaksu2, ezio.melotti, Tomalak, devon, moriyoshi, BreamoreBoy
2010-08-03 10:32:04labratsetmessageid: <1280831524.19.0.422574703523.issue5752@psf.upfronthosting.co.za>
2010-08-03 10:32:03labratlinkissue5752 messages
2010-08-03 10:32:02labratcreate