new xml_escape function, doing html_escape + control characters escaping

__init__.py

@@ -86,6 +86,10 @@ def html_escape(data):
     return (data.replace('&','&amp;').replace('<','&lt;').replace('>','&gt;')
             .replace('"','&quot;').replace("'",'&#39;'))
 
+def xml_escape(data):
+    # XXX remove more control characters
+    return html_escape(data).replace('\f', '\n').replace('\b', '')
+
 def html_unescape(data):
     """unescapes XML/HTML entities"""
     for entityname, codepoint in htmlentitydefs.name2codepoint.iteritems():