Сonvenient escaping for XML attribute values

[Dml3Y]

Feature or enhancement

Proposal:

Proposed Feature: Add escape_attr function to xml.sax.saxutils

Problem

Currently, developers need to choose between:

• escape() - doesn't handle quotes (for text content)
• quoteattr() - adds quoting and escaping (for attributes)

Sometimes we need just escaping for attributes without the automatic quoting.

Solution

Add escape_attr() function that escapes all XML special characters including quotes, but doesn't add the outer quotes.

Benefits

• Cleaner API for attribute value escaping
• Maintains backward compatibility
• Consistent with existing saxutils design

def escape_attr(data):
    """Escape string for use in XML attributes, including quotes.
    
    This is a convenience function that escapes all special characters
    required for XML attributes, including both single and double quotes.
    """
    return escape(data, entities={'"': """, "'": "'"})

Note in escape function:

"""
    Note: This function is intended for escaping text content, not attributes.
    For attributes, use quoteattr() or escape_attr().
"""

Has this already been discussed elsewhere?

No response given

Links to previous discussion of this feature:

No response

[picnixz]

I think it should be enough to use quoteattr. You can always remove the surrounding quotes with [1:-1]. If we were to add escape_attr we would need an unescape_attr as well.

Note that we have an private xml.etree.ElementTree._escape_attrib which has a slightly different logic as well.Single quotes for instance are not escaped. It might be because of XML
standards and we don't want to use something that is may be convenient but non-standard.

cc @serhiy-storchaka

[serhiy-storchaka]

What is the use case? Could you show an example?

[picnixz]

Considering the lack of activity, I'm going to close this one. Please first gather support on DPO by opening a thread on https://discuss.python.org/c/ideas/6 with examples.