You could write a simple escape function. def escape(html): "Return the given TEXT with ampersands, quotes and carets encoded." return html.replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace("'", ''')