diff options
Diffstat (limited to 'django/utils/html.py')
| -rw-r--r-- | django/utils/html.py | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/django/utils/html.py b/django/utils/html.py index e365cd41f6..4fefbc6355 100644 --- a/django/utils/html.py +++ b/django/utils/html.py @@ -30,6 +30,14 @@ simple_url_re = re.compile(r'^https?://\[?\w', re.IGNORECASE) simple_url_2_re = re.compile(r'^www\.|^(?!http)\w[^@]+\.(com|edu|gov|int|mil|net|org)($|/.*)$', re.IGNORECASE) simple_email_re = re.compile(r'^\S+@\S+\.\S+$') +_html_escapes = { + ord('&'): '&', + ord('<'): '<', + ord('>'): '>', + ord('"'): '"', + ord("'"): ''', +} + @keep_lazy(str, SafeText) def escape(text): @@ -41,10 +49,7 @@ def escape(text): This may result in double-escaping. If this is a concern, use conditional_escape() instead. """ - return mark_safe( - str(text).replace('&', '&').replace('<', '<') - .replace('>', '>').replace('"', '"').replace("'", ''') - ) + return mark_safe(str(text).translate(_html_escapes)) _js_escapes = { |
