quoteattr(data, entities={})
Escape and quote an attribute value.
Escape &, <, and > in a string of data, then quote it for use as an attribute value. The " character will be escaped as well, if necessary.
You can escape other strings of data by passing a dictionary as the optional entities parameter. The keys and values must all be strings; each key will be replaced with its corresponding value.