W. Trevor King <wk...@drexel.edu> added the comment: And while we're at it, we should also
.replace('&', '&').replace('"', """).replace('<', '<') which would have to go at the beginning to avoid double-escaping the '&'. We could use xml.sax.saxutils.escape to do all the escaping rather than chaining replaces: data = escape(data, {'"':'"', '\r':'
', '\n':'
', '\t':'	'}) which also escapes '>' (not strictly required for attribute values, but shouldn't be harmful either). ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue5752> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com