def format_html(format_string, *args, **kwargs): """ Similar to str % foo, but passes all arguments through conditional_websafe, and calls 'unsafe' on the result. This function should be used instead of str.format or % interpolation to build up small HTML fragments. Example: format_html("Are you %s? %s", name, unsafe(checkbox_html)) """ if args and kwargs: raise ValueError("Can't specify both positional and keyword args") args_safe = tuple(map(conditional_websafe, args)) kwargs_gen = ((k, conditional_websafe(v)) for (k, v) in kwargs.iteritems()) kwargs_safe = dict(kwargs_gen) format_args = args_safe or kwargs_safe return unsafe(format_string % format_args)