-rw-r--r--src/zope/tal/taldefs.py10
-rw-r--r--src/zope/tal/talgenerator.py10
2 files changed, 14 insertions, 6 deletions
diff --git a/src/zope/tal/taldefs.py b/src/zope/tal/taldefs.py
index 3ece743..0715055 100644
--- a/src/zope/tal/taldefs.py
+++ b/src/zope/tal/taldefs.py
@@ -193,7 +193,9 @@ def attrEscape(s):
s = s.replace('"', '"')
return s
-import cgi
-def quote(s, escape=cgi.escape):
- return '"%s"' % escape(s, 1)
-del cgi
+def quote(s):
+ s = s.replace("&", "&") # Must be done first!
+ s = s.replace("<", "&lt;")
+ s = s.replace(">", "&gt;")
+ s = s.replace('"', "&quot;")
+ return '"%s"' % s
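Review bot: The new `quote(s)` drops the `escape` keyword that the old signature `quote(s, escape=cgi.escape)` accepted, so any caller outside this diff that passes `escape=` would now raise a TypeError; keeping an optional parameter would preserve compatibility. The function also has no docstring, and because it leaves `'` unescaped its result is only safe as a double-quoted attribute value, so I would add `"""Return s with &, <, > and " escaped, wrapped in double quotes; only safe as a double-quoted attribute value."""`. As rendered on this page the first replacement maps `&` to itself, which looks like an entity-decoding artifact of the page rather than the committed code. It is worth confirming that the file reads `s.replace("&", "&amp;")`, since otherwise ampersands and existing entities in `s` would pass through unescaped.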
diff --git a/src/zope/tal/talgenerator.py b/src/zope/tal/talgenerator.py
index 92a679a..db14a4f 100644
--- a/src/zope/tal/talgenerator.py
+++ b/src/zope/tal/talgenerator.py
@@ -13,9 +13,15 @@
##############################################################################
"""Code generator for TALInterpreter intermediate code.
"""
-import cgi
import re
+try:
+ # Python 3.x
+ from html import escape
+except ImportError:
+ # Python 2.x
+ from cgi import escape
+
from zope.tal import taldefs
from zope.tal.taldefs import NAME_RE, TAL_VERSION
from zope.tal.taldefs import I18NError, METALError, TALError
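Review bot: The two functions bound to the name `escape` do not share a default for their second argument: `html.escape` escapes quotes unless told otherwise, while `cgi.escape` leaves them alone unless asked, so a call without an explicit `quote` value would produce different output on Python 2 and Python 3. The one call visible in this diff, in `emitText`, passes `False` and is consistent on both. A comment on the import would stop a later bare `escape(text)` from silently diverging, e.g. `# html.escape and cgi.escape differ in their default for quote; always pass it explicitly`. Writing the call as `escape(text, quote=False)` would also make the intent visible at the call site.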
@@ -257,7 +263,7 @@ class TALGenerator(object):
self.emit("rawtext", text)
def emitText(self, text):
- self.emitRawText(cgi.escape(text))
+ self.emitRawText(escape(text, False))
def emitDefines(self, defines):
for part in taldefs.splitParts(defines):