There are two warnings in this page: http://www.pythonsecurity.org/wiki/web2py/?version=22001
They have bot been addressed one year ago. They have been addressed by quoting the string. This is the expected bahviour. What problems does it cause you? Massimo On Nov 9, 6:55 pm, africanacloud <erictchonf...@gmail.com> wrote: > I am new to web2py and I have a problem understanding why all my > apostrophes are replaced by '. > > here is my table: > db.define_table('rooms', > Field('Name'), > > Field('created_on','datetime',default=request.now,writable=False,readable=F > alse)) > > below is my function: > > @service.xml > def rooms(): > ROOMS = db(db.rooms).select() > return ROOMS > > this is what I what the result is. > <Name>Lady'sRoom</Name> > Any of you know what is going on here?