Closest thing I know about is cgi.escape.

我所知道的最接近的是cgi.escape。

from django.utils.html import escape
print escape('<div class="q">Q & A</div>')

You probably want xml.sax.saxutils.escape:

你可能想要xml.sax.saxutils.escape：

from xml.sax.saxutils import escape
escape(unsafe, {'"':'"'}) # ENT_COMPAT
escape(unsafe, {'"':'"', '\'':'''}) # ENT_QUOTES
escape(unsafe) # ENT_NOQUOTES

Have a look at xml.sax.saxutils.quoteattr, it might be more useful for you

看看xml.sax.saxutils.quoteattr，它可能对你更有用

The html.entitiesmodule (htmlentitydefsfor python 2.x) contains a dictionary codepoint2namewhich should do what you need.

该html.entities模块（htmlentitydefs用于python 2.x）包含一个字典codepoint2name，它应该可以满足您的需求。

>>> import html.entities
>>> html.entities.codepoint2name[ord("&")]
'amp'
>>> html.entities.codepoint2name[ord('"')]
'quot'

I think the simplest way is just to use replace:

我认为最简单的方法就是使用替换：

text.replace("&", "&amp;").replace('"', "&quot;").replace("<", "&lt;").replace(">", "&gt;")

PHP only escapes those four entities with htmlspecialchars. Note that if you have ENT_QUOTES set in PHP, you need to replace quotes with ' rather than ".

PHP 仅使用 htmlspecialchars 转义这四个实体。请注意，如果您在 PHP 中设置了 ENT_QUOTES，则需要将引号替换为 ' 而不是“。

Building on @garlon4 answer, you can define your own htmlspecialchars(s):

基于@garlon4 答案，您可以定义自己的htmlspecialchars(s)：

def htmlspecialchars(text):
    return (
        text.replace("&", "&").
        replace('"', """).
        replace("<", "&lt;").
        replace(">", "&gt;")
    )

If you are using django 1.0 then your template variables will already be encoded and ready for display. You also use the safeoperator {{ var|safe }}if you don't want it globally turned on.

如果您使用的是 django 1.0，那么您的模板变量将已经被编码并准备好显示。如果您不想全局打开它，也可以使用该 safe运算符{{ var|safe }}。