From e424832ecf1191abbe4c8622d17f0a3faecc1ae1 Mon Sep 17 00:00:00 2001
From: David Mazary <dmazary@gmail.com>
Date: Wed, 14 Mar 2012 22:15:04 -0300
Subject: [PATCH] use cgi.escape to escape &,<,>

---
 xonstat/util.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/xonstat/util.py b/xonstat/util.py
index 758b206..23d9e28 100755
--- a/xonstat/util.py
+++ b/xonstat/util.py
@@ -1,4 +1,5 @@
 import re
+from cgi import escape
 from datetime import datetime
 
 # Map of special chars to ascii from Darkplace's console.c.
@@ -78,7 +79,7 @@ def strip_colors(qstr=''):
 
 
 def html_colors(qstr=''):
-    qstr = qfont_decode(qstr)
+    qstr = escape(qfont_decode(qstr))
     def dec_repl(match):
         return _dec_spans[int(match.group(1))]
     qstr = qstr.replace('^^', '^')
-- 
2.39.2