From ea0e925972c944ac4586887d7fd2e9c27225dd83 Mon Sep 17 00:00:00 2001
From: Nick Bartos <nick@pistoncloud.com>
Date: Sun, 19 Feb 2012 19:15:12 -0800
Subject: [PATCH] Escape apostrophe in utils.xhtml_escape() (lp#872450)

Also remove comment which is no longer relevant.

Change-Id: I33a951d08a34510b2a9dbacb9fb3ebf6bee978b4
---
 Authors                  | 1 +
 nova/tests/test_utils.py | 4 ++++
 nova/utils.py            | 5 +----
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/Authors b/Authors
index ad6351b07e6c..1668cfa8fe2f 100644
--- a/Authors
+++ b/Authors
@@ -131,6 +131,7 @@ MotoKen <motokentsai@gmail.com>
 Muneyuki Noguchi <noguchimn@nttdata.co.jp>
 Nachi Ueno <ueno.nachi@lab.ntt.co.jp>
 Naveed Massjouni <naveedm9@gmail.com>
+Nick Bartos <nick@pistoncloud.com>
 Nikhil Komawar <nikhil.komawar@rackspace.com>
 Nikolay Sokolov <nsokolov@griddynamics.com>
 Nirmal Ranganathan <rnirmal@gmail.com>
diff --git a/nova/tests/test_utils.py b/nova/tests/test_utils.py
index c60dc26a9934..93146876e739 100644
--- a/nova/tests/test_utils.py
+++ b/nova/tests/test_utils.py
@@ -696,6 +696,10 @@ class DeprecationTest(test.TestCase):
         result = utils.service_is_up(service)
         self.assertFalse(result)
 
+    def test_xhtml_escape(self):
+        self.assertEqual('&quot;foo&quot;', utils.xhtml_escape('"foo"'))
+        self.assertEqual('&apos;foo&apos;', utils.xhtml_escape("'foo'"))
+
     def test_hash_file(self):
         data = 'Mary had a little lamb, its fleece as white as snow'
         flo = StringIO.StringIO(data)
diff --git a/nova/utils.py b/nova/utils.py
index 85f39dbe0734..dc8a660a626e 100644
--- a/nova/utils.py
+++ b/nova/utils.py
@@ -669,11 +669,8 @@ class LoopingCall(object):
 def xhtml_escape(value):
     """Escapes a string so it is valid within XML or XHTML.
 
-    Code is directly from the utf8 function in
-    http://github.com/facebook/tornado/blob/master/tornado/escape.py
-
     """
-    return saxutils.escape(value, {'"': '&quot;'})
+    return saxutils.escape(value, {'"': '&quot;', "'": '&apos;'})
 
 
 def utf8(value):