diff -r d44de6313b58 -r b67514b01536 src/reportlab/lib/utils.py
--- a/src/reportlab/lib/utils.py	Mon Mar 08 11:27:31 2010 +0000
+++ b/src/reportlab/lib/utils.py	Mon Mar 08 13:01:55 2010 +0000
@@ -1129,3 +1129,31 @@
         A.append(msg)
     v.args = tuple(A)
     raise t,v,b
+    
+def escapeOnce(data):
+    """Ensure XML output is escaped just once, irrespective of input
+
+    >>> escapeOnce('A & B')
+    'A & B'
+    >>> escapeOnce('C & D')
+    'C & D'
+    >>> escapeOnce('E & F')
+    'E & F'
+
+    """
+    data = data.replace("&", "&")
+
+    #...but if it was already escaped, make sure it
+    # is not done twice....this will turn any tags
+    # back to how they were at the start.
+    data = data.replace("&", "&")
+    data = data.replace(">", ">")
+    data = data.replace("<", "<")
+    data = data.replace("&#", "&#")
+
+    #..and just in case someone had double-escaped it, do it again
+    data = data.replace("&", "&")
+    data = data.replace(">", ">")
+    data = data.replace("<", "<")
+    return data
+