The upstream release includes a bunch of documentation changes (mostly version bumps) and some trailing whitespace changes; once those are filtered out, the actual code changes look small and reasonable. An additional call to cgi.escape has been added as well as code to escape injected comment closing code. Also, the cleanup with the missing desired_matches() function seems useful.
Attached is the filtered diff that I used to review.
The upstream release includes a bunch of documentation changes (mostly version bumps) and some trailing whitespace changes; once those are filtered out, the actual code changes look small and reasonable. An additional call to cgi.escape has been added as well as code to escape injected comment closing code. Also, the cleanup with the missing desired_matches() function seems useful.
Attached is the filtered diff that I used to review.