Gregory P. Smith added the comment: As pointed out, this is working as intended and is documented as such. That it isn't what you want is why Python 3 has html.escape() instead.
---------- resolution: -> duplicate status: open -> closed superseder: -> cgi.escape Can Lead To XSS Vulnerabilities versions: +Python 2.7, Python 3.4, Python 3.5 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue26398> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
