]> git.ipfire.org Git - thirdparty/tornado.git/commitdiff
projects / thirdparty / tornado.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e520b21)
Escape double quotes in addition to angle brackets and ampersands.
authorBen Darnell <bdarnell@beaker.local>
Fri, 2 Apr 2010 18:47:39 +0000 (11:47 -0700)
committerBen Darnell <bdarnell@beaker.local>
Fri, 2 Apr 2010 18:47:39 +0000 (11:47 -0700)
tornado/escape.py patch | blob | blame | history

diff --git a/tornado/escape.py b/tornado/escape.py
index 8773bf9c38519d57b638155ad5e32a1bc8d8cac8..bacb1c51d004dd7aa13361a5abb0b552f4da6669 100644 (file)
--- a/tornado/escape.py
+++ b/tornado/escape.py
@@ -44,7 +44,7 @@ except:
 
 def xhtml_escape(value):
     """Escapes a string so it is valid within XML or XHTML."""
-    return utf8(xml.sax.saxutils.escape(value))
+    return utf8(xml.sax.saxutils.escape(value, {'"': "&quot;"}))
 
 
 def xhtml_unescape(value):
Mirror of https://github.com/tornadoweb/tornado.git