cpython/Lib/html/__init__.py

"""
General functions for HTML manipulation.
"""

# NB: this is a candidate for a bytes/string polymorphic interface

def escape(s, quote=True):
    """
    Replace special characters "&", "<" and ">" to HTML-safe sequences.
    If the optional flag quote is true (the default), the quotation mark
    characters, both double quote (") and single quote (') characters are also
    translated.
    """
    s = s.replace("&", "&amp;") # Must be done first!
    s = s.replace("<", "&lt;")
    s = s.replace(">", "&gt;")
    if quote:
        s = s.replace('"', "&quot;")
        s = s.replace('\'', "&#x27;")
    return s
#2830: add html.escape() helper and move cgi.escape() uses in the standard library to it. It defaults to quote=True and also escapes single quotes, which makes casual use safer. The cgi.escape() interface is not touched, but emits a (silent) PendingDeprecationWarning. 2010-10-15 15:57:45 +00:00			`"""`
			`General functions for HTML manipulation.`
			`"""`

			`# NB: this is a candidate for a bytes/string polymorphic interface`

			`def escape(s, quote=True):`
			`"""`
			`Replace special characters "&", "<" and ">" to HTML-safe sequences.`
			`If the optional flag quote is true (the default), the quotation mark`
Fix issue12938 - Update the docstring of html.escape. Include the information on single quote. 2011-09-13 07:14:13 +08:00			`characters, both double quote (") and single quote (') characters are also`
			`translated.`
#2830: add html.escape() helper and move cgi.escape() uses in the standard library to it. It defaults to quote=True and also escapes single quotes, which makes casual use safer. The cgi.escape() interface is not touched, but emits a (silent) PendingDeprecationWarning. 2010-10-15 15:57:45 +00:00			`"""`
#18020: improve html.escape speed by an order of magnitude. Patch by Matt Bryant. 2013-07-07 11:11:24 +02:00			`s = s.replace("&", "&") # Must be done first!`
			`s = s.replace("<", "<")`
			`s = s.replace(">", ">")`
#2830: add html.escape() helper and move cgi.escape() uses in the standard library to it. It defaults to quote=True and also escapes single quotes, which makes casual use safer. The cgi.escape() interface is not touched, but emits a (silent) PendingDeprecationWarning. 2010-10-15 15:57:45 +00:00			`if quote:`
#18020: improve html.escape speed by an order of magnitude. Patch by Matt Bryant. 2013-07-07 11:11:24 +02:00			`s = s.replace('"', """)`
			`s = s.replace('\'', "'")`
			`return s`