def escape_url(raw):
"""
Escape urls to prevent code injection craziness. (Hopefully.)
"""
return html.escape(quote(html.unescape(raw), safe="/#:()*?=%@+,&"))
def escape_html(raw):
return html.escape(html.unescape(raw)).replace("'", "'")