#2830: add html.escape() helper and move cgi.escape() uses in the standard library to it. It defaults to quote=True and also escapes single quotes, which makes casual use safer. The cgi.escape() interface is not touched, but emits a (silent) PendingDeprecationWarning.

Lib/test/test_html.py

@@ -0,0 +1,24 @@
+"""
+Tests for the html module functions.
+"""
+
+import html
+import unittest
+from test.support import run_unittest
+
+
+class HtmlTests(unittest.TestCase):
+    def test_escape(self):
+        self.assertEqual(
+            html.escape('\'<script>"&foo;"</script>\''),
+            '&#x27;&lt;script&gt;&quot;&amp;foo;&quot;&lt;/script&gt;&#x27;')
+        self.assertEqual(
+            html.escape('\'<script>"&foo;"</script>\'', False),
+            '\'&lt;script&gt;"&amp;foo;"&lt;/script&gt;\'')
+
+
+def test_main():
+    run_unittest(HtmlTests)
+
+if __name__ == '__main__':
+    test_main()