That seems to be true; sanitize defaults to False in the class XML __init__.
On May 25, 10:47 am, Anthony <abasta...@gmail.com> wrote:
> On Wednesday, May 25, 2011 11:24:12 AM UTC-4, Massimo Di Pierro wrote:
> > So this:
> >
> > xss.xssescape(text)
> >
> > would be the same as
> >
> > str(XML(text))
>
> str(XML(text)) won't escape the text, will it? The __str__ method of an XML
> object just returns the unaltered text (unless sanitize=True), no?
>
> Anthony
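The behaviour the thread settles on (a `sanitize` flag that defaults to False, so `str(XML(text))` hands untrusted markup back verbatim) is easy to check against a stand-in. The code below is an added example for this thread, not web2py's code: `XMLStandIn`, `AllowlistSanitizer` and `sanitize_html` are names made up here, and the allowlist of tags, attributes and URL schemes is an assumption chosen for the illustration. The sample input is constructed. It shows the unsanitized path passing a script tag and a `javascript:` URL straight through, beside the allowlisted path that strips them.

```python
"""Added example: why XML(text) without sanitize=True is an XSS sink.

Not web2py's code. XMLStandIn mirrors only what the thread describes:
sanitize defaults to False, and __str__ returns the text unaltered
unless sanitize=True. The sanitizer is a stdlib allowlist written for
this example; its tag/attribute/scheme lists are assumptions.
"""
import html
from html.parser import HTMLParser

# Constructed sample of user-supplied input (not from the thread).
UNTRUSTED = '<b>hi</b><script>alert(1)</script><a href="javascript:alert(2)">x</a>'

# Assumed allowlists for the example; tune to your own markup needs.
DEFAULT_PERMITTED_TAGS = ['a', 'b', 'i', 'em', 'strong', 'p', 'br']
DEFAULT_ALLOWED_ATTRIBUTES = {'a': ['href', 'title']}
SAFE_URL_SCHEMES = ('http://', 'https://', 'mailto:')


class AllowlistSanitizer(HTMLParser):
    """Keeps only permitted tags/attributes; escapes text; drops script/style bodies."""

    def __init__(self, permitted_tags, allowed_attributes):
        super().__init__(convert_charrefs=True)
        self.permitted_tags = set(permitted_tags)
        self.allowed_attributes = allowed_attributes
        self.out = []
        self.skip_depth = 0  # > 0 while inside a dropped <script>/<style> element

    def handle_starttag(self, tag, attrs):
        if tag in ('script', 'style'):
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in self.permitted_tags:
            return  # unknown tags (img, iframe, ...) are dropped, their text is kept
        kept = []
        for name, value in attrs:
            if name not in self.allowed_attributes.get(tag, []):
                continue  # drops on* event handlers and anything not allowlisted
            if name == 'href' and not (value or '').strip().lower().startswith(SAFE_URL_SCHEMES):
                continue  # drops javascript:, data:, vbscript: URLs
            kept.append(' %s="%s"' % (name, html.escape(value or '', quote=True)))
        self.out.append('<%s%s>' % (tag, ''.join(kept)))

    def handle_endtag(self, tag):
        if tag in ('script', 'style'):
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in self.permitted_tags:
            return
        self.out.append('</%s>' % tag)

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(html.escape(data, quote=True))  # text is always escaped

    def result(self):
        return ''.join(self.out)


def sanitize_html(text, permitted_tags=DEFAULT_PERMITTED_TAGS,
                  allowed_attributes=DEFAULT_ALLOWED_ATTRIBUTES):
    parser = AllowlistSanitizer(permitted_tags, allowed_attributes)
    parser.feed(text)
    parser.close()
    return parser.result()


class XMLStandIn:
    """Stand-in for the helper in the thread: sanitize defaults to False."""

    def __init__(self, text, sanitize=False, permitted_tags=DEFAULT_PERMITTED_TAGS,
                 allowed_attributes=DEFAULT_ALLOWED_ATTRIBUTES):
        self.text = sanitize_html(text, permitted_tags, allowed_attributes) if sanitize else text

    def __str__(self):
        return self.text  # unaltered unless sanitize=True was passed


def render_unsafe(user_text):
    """What str(XML(text)) does by default: the markup comes back untouched."""
    return str(XMLStandIn(user_text))


def render_safe(user_text):
    """The hardened call: sanitize=True routes the text through the allowlist."""
    return str(XMLStandIn(user_text, sanitize=True))


if __name__ == '__main__':
    print('default :', render_unsafe(UNTRUSTED))
    print('sanitize:', render_safe(UNTRUSTED))
```

The point to carry away is that `XML(...)` is a "trust me" marker, not an escaping function: wrap only markup you generated yourself, and pass `sanitize=True` (with a tag and attribute allowlist) when the text originates from a user.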