From 980a522f9f5ba4774ebeef3fffb8722c481f9da2 Mon Sep 17 00:00:00 2001
From: Adrian Holovaty <adrian@holovaty.com>
Date: Sun, 23 Apr 2006 22:23:46 +0000
Subject: [PATCH] magic-removal: Fixed #1270 -- Made the escape filter escape
 single quotes

git-svn-id: http://code.djangoproject.com/svn/django/branches/magic-removal@2738 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 django/utils/html.py | 2 +-
 docs/templates.txt   | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/django/utils/html.py b/django/utils/html.py
index 6c9779a156..a0d1e82dcf 100644
--- a/django/utils/html.py
+++ b/django/utils/html.py
@@ -25,7 +25,7 @@ def escape(html):
     "Returns the given HTML with ampersands, quotes and carets encoded"
     if not isinstance(html, basestring):
         html = str(html)
-    return html.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;')
+    return html.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;').replace("'", '&#39;')
 
 def linebreaks(value):
     "Converts newlines into <p> and <br />s"
diff --git a/docs/templates.txt b/docs/templates.txt
index 9d137019a0..88f14dd3b9 100644
--- a/docs/templates.txt
+++ b/docs/templates.txt
@@ -844,7 +844,8 @@ Escapes a string's HTML. Specifically, it makes these replacements:
     * ``"&"`` to ``"&amp;"``
     * ``<`` to ``"&lt;"``
     * ``>`` to ``"&gt;"``
-    * ``'"'`` (double quote) to ``"&quot;"``
+    * ``'"'`` (double quote) to ``'&quot;'``
+    * ``"'"`` (single quote) to ``'&#39;'``
 
 filesizeformat
 ~~~~~~~~~~~~~~