From abb636c1af7b2fd00a624985f60b7aff07374580 Mon Sep 17 00:00:00 2001 From: Tom Date: Fri, 13 Oct 2017 02:02:04 +0100 Subject: Improved performance of utils.html.escape(). --- django/utils/html.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'django/utils/html.py') diff --git a/django/utils/html.py b/django/utils/html.py index e365cd41f6..4fefbc6355 100644 --- a/django/utils/html.py +++ b/django/utils/html.py @@ -30,6 +30,14 @@ simple_url_re = re.compile(r'^https?://\[?\w', re.IGNORECASE) simple_url_2_re = re.compile(r'^www\.|^(?!http)\w[^@]+\.(com|edu|gov|int|mil|net|org)($|/.*)$', re.IGNORECASE) simple_email_re = re.compile(r'^\S+@\S+\.\S+$') +_html_escapes = { + ord('&'): '&', + ord('<'): '<', + ord('>'): '>', + ord('"'): '"', + ord("'"): ''', +} + @keep_lazy(str, SafeText) def escape(text): @@ -41,10 +49,7 @@ def escape(text): This may result in double-escaping. If this is a concern, use conditional_escape() instead. """ - return mark_safe( - str(text).replace('&', '&').replace('<', '<') - .replace('>', '>').replace('"', '"').replace("'", ''') - ) + return mark_safe(str(text).translate(_html_escapes)) _js_escapes = { -- cgit v1.3