In this case you will probably want to set C{escape_CDATA} to True
in order to produce an XHTML-valid document, in case a closing
CDATA delimeter is in your input string. Parameter C{escape_CDATA}
is not considered when C{escape_for_html} is set to True.
Note that CDATA delimiters might be automatically added by the
browser, based on the content-type used to serve the page.
When C{escape_for_html} is set to False, whatever option is chosen
for C{escape_CDATA}, the string must not contain a '</script>' tag
(apparently...). The only option to keep this '</script>' tag (if
you need it) is to split it, which requires to know which quote
delimiter your plan to use. For eg:
Examples::
>>> text = '''foo</script>bar'''
>>> val = escape_javascript_string(text, escape_for_html=False, escape_script_tag_with_quote='"')
>>> 'foo</scr"+"ipt>bar'
>>> mycode = '''alert("%s")''' % val
C{escape_script_tag_with_quote} is not considered when
C{escape_for_html} is set to True.
If you are planning to return the string as part of a pure
Javascript document, then you should in principle set both
C{escape_for_html} and C{escape_CDATA} to False, and
C{escape_script_tag_with_quote} to None.
@param text: string to be escaped
@param escape_for_html: if True, also escape input for HTML
@param escape_CDATA: if True, escape closing CDATA tags (when C{escape_for_html} is False)
@escape_script_tag_with_quote: which quote will be used to delimit your string, in case you must wash, but keep, C{</script>} tag (when C{escape_for_html} is False)