Do not escape:
>>> print str(XML('<a>link</a>'))
<a>link</a>
Remove unsafe tags:
>>> print str(XML('<a>link</a>', sanitize=True))
link
Escape everything:
>>> print xmlescape('<a>link</a>')
&lt;a&gt;link&lt;/a&gt;
On May 25, 10:47 am, Anthony <[email protected]> wrote:
> On Wednesday, May 25, 2011 11:24:12 AM UTC-4, Massimo Di Pierro wrote:
>
> > So this:
>
> > xss.xssescape(text)
>
> > would be the same as
>
> > str(XML(text))
>
> str(XML(text)) won't escape the text, will it? The __str__ method of an XML
> object just returns the unaltered text (unless sanitize=True), no?
>
> Anthony
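
The three behaviours discussed in this thread, as an added stand-alone example that is not part of the original messages and is not web2py's code. It uses only the Python 3 standard library; the allow-list, the `AllowListSanitizer` class, the `render` helper and the sample input are assumptions made for the illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allow-list for this illustration; not web2py's actual defaults.
ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "p"}
ALLOWED_ATTRS = {"a": ("href", "title")}
SAFE_URL_PREFIXES = ("http://", "https://")

class AllowListSanitizer(HTMLParser):
    """Keep allow-listed tags and attributes, escape all other markup."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags = [], []  # open_tags: tags actually emitted

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.out.append(escape(self.get_starttag_text()))
            return
        kept = {n: v for n, v in attrs if v and n in ALLOWED_ATTRS.get(tag, ())}
        href = kept.get("href", "").strip().lower()
        if tag == "a" and not href.startswith(SAFE_URL_PREFIXES):
            return  # link without an acceptable target: drop the tag, keep its text
        attr_text = "".join(' %s="%s"' % (n, escape(v)) for n, v in kept.items())
        self.out.append("<%s%s>" % (tag, attr_text))
        self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in self.open_tags:
            self.open_tags.remove(tag)
            self.out.append("</%s>" % tag)
        elif tag not in ALLOWED_TAGS:
            self.out.append(escape("</%s>" % tag))

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def render(text, mode):
    """'raw' ~ XML(text); 'sanitize' ~ XML(text, sanitize=True); 'escape' ~ xmlescape(text)."""
    if mode == "raw":
        return text  # passed through untouched
    if mode == "escape":
        return escape(text, quote=True)  # every markup character neutralised
    parser = AllowListSanitizer()
    parser.feed(text)
    parser.close()
    return "".join(parser.out)

# Constructed sample input: one acceptable link plus markup that must not survive.
SAMPLE = '<a href="https://example.com" onclick="track()">link</a><script>alert(1)</script>'
```

Only the `raw` mode returns the `onclick` attribute and the `<script>` element intact, which is why unescaped output is suitable only for markup the application itself produced.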