Ticket #2215: django-escape.diff

django/utils/html.py

@@ -1 +1 @@
 "HTML utilities suitable for global use."
 
 import re, string
+from htmlentitydefs import entitydefs
 
 # Configuration for urlize() function
 LEADING_PUNCTUATION  = ['(', '<', '&lt;']
@@ -21 +22 @@
 trailing_empty_content_re = re.compile(r'(?:<p>(?:&nbsp;|\s|<br \/>)*?</p>\s*)+\Z')
 del x # Temporary variable
 
+entitytrans = dict([(value, key) for key, value in entitydefs.iteritems() if len(value) == 1])
+entitytrans.pop(' ', None)
+entitytrans["'"] = '#39'
+
 def escape(html):
     "Returns the given HTML with ampersands, quotes and carets encoded"
-    if not isinstance(html, basestring):
-        html = str(html)
-    return html.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;').replace("'", '&#39;')
+    return ''.join([c in entitytrans and '&%s;' % entitytrans[c] or c for c in html])
 
 def linebreaks(value):
     "Converts newlines into <p> and <br />s"