A decorator function for preventing cross-site scriting attacks for bottle.py

application.py

#!/usr/bin/env python

import bottle
from bottle import route

def websafe(func):
    """
    A decorator function for preventing cross-site scriting attacks
    """
    def wrapper(*args, **kwargs):
        result = func(*args, **kwargs)
        result = result.replace(u"&", u"&")
        result = result.replace(u"<", u"&lt;")
        result = result.replace(u">", u"&gt;")
        result = result.replace(u"'", u"&#39;")
        result = result.replace(u'"', u"&quot;")
        return result
    return wrapper


@route('/hello/:name')
@websafe
def hello(name):
    return "Hello %s!" % name

application = bottle.default_app()