use markupspace for escaping

lms/djangoapps/bulk_email/tasks.py

@@ -3,7 +3,6 @@
 This module contains celery task functions for handling the sending of bulk email
 to a course.
 """
-import cgi
 from collections import Counter
 import json
 import logging
@@ -25,6 +24,7 @@ from boto.ses.exceptions import (
     SESIllegalAddressError,
 )
 from boto.exception import AWSConnectionError
+from markupsafe import escape
 
 from celery import task, current_task  # pylint: disable=no-name-in-module
 from celery.states import SUCCESS, FAILURE, RETRY  # pylint: disable=no-name-in-module, import-error
@@ -434,7 +434,7 @@ def _get_source_address(course_id, course_title, truncate=True):
 
     # It seems that this value is also escaped when set out to amazon, judging
     # from our logs
-    escaped_encoded_from_addr = cgi.escape(encoded_from_addr)
+    escaped_encoded_from_addr = escape(encoded_from_addr)
     if len(escaped_encoded_from_addr) >= 320 and truncate:
         from_addr = format_address(course_name)
 

lms/djangoapps/bulk_email/tests/test_email.py

@@ -2,8 +2,8 @@
 """
 Unit tests for sending course email
 """
-import cgi
 import json
+from markupsafe import escape
 from mock import patch, Mock
 from nose.plugins.attrib import attr
 import os
@@ -344,7 +344,7 @@ class TestEmailSendFromDashboardMockedHtmlToText(EmailSendFromDashboardTestCase)
         __, encoded_unexpected_from_addr = forbid_multi_line_headers(
             "from", unexpected_from_addr, 'utf-8'
         )
-        escaped_encoded_unexpected_from_addr = cgi.escape(encoded_unexpected_from_addr)
+        escaped_encoded_unexpected_from_addr = escape(encoded_unexpected_from_addr)
 
         # it's shorter than 320 characters when just encoded
         self.assertEqual(len(encoded_unexpected_from_addr), 318)