On Wednesday, May 25, 2011 11:24:12 AM UTC-4, Massimo Di Pierro wrote: > > So this: > > xss.xssescape(text) > > would be the same as > > str(XML(text))
str(XML(text)) won't escape the text, will it? The __str__ method of an XML object just returns the unaltered text (unless sanitize=True), no? Anthony
