Python Input Sanitization

Use html.escape() - cgi.escape() is deprecated in Python 3

import html
input = '<>&'
output = html.escape(input)
print(output)

&lt;&gt;&amp;

You can use cgi.escape()

import cgi
inlist = '<>'
transform = cgi.escape(inlist)
print transform

Output:

&lt;&gt;

https://docs.python.org/2/library/cgi.html#cgi.escape

cgi.escape(s[, quote]) Convert the characters '&', '<' and '>' in string s to HTML-safe sequences. Use this if you need to display text that might contain such characters in HTML. If the optional flag quote is true, the quotation mark character (") is also translated; this helps for inclusion in an HTML attribute value delimited by double quotes, as in . Note that single quotes are never translated.