Index: modules/filter/filter.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/filter/filter.module,v
retrieving revision 1.285
diff -u -p -r1.285 filter.module
--- modules/filter/filter.module	28 Aug 2009 16:23:04 -0000	1.285
+++ modules/filter/filter.module	28 Aug 2009 20:38:50 -0000
@@ -993,6 +993,13 @@ function _filter_autop($text) {
 }
 
 /**
+ * Escapes all HTML tags, so they will be visible instead of being effective.
+ */
+function _filter_html_escape($text) {
+  return trim(check_plain($text));
+}
+
+/**
  * @} End of "Standard filters".
  */
 
Index: modules/filter/filter.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/filter/filter.test,v
retrieving revision 1.38
diff -u -p -r1.38 filter.test
--- modules/filter/filter.test	28 Aug 2009 19:44:05 -0000	1.38
+++ modules/filter/filter.test	28 Aug 2009 20:38:50 -0000
@@ -510,22 +510,16 @@ class FilterUnitTestCase extends DrupalW
 
   /**
    * Test the HTML escaping filter.
-   *
-   * Here we test only whether check_plain() does what it should.
    */
   function testNoHtmlFilter() {
-    // Test that characters that have special meaning in XML are changed into
-    // entities.
-    $f = check_plain('<>&"');
-    $this->assertEqual($f, '&lt;&gt;&amp;&quot;', t('No HTML filter basic test.'));
-
-    // A single quote can also be used for evil things in some contexts.
-    $f = check_plain('\'');
-    $this->assertEqual($f, '&#039;', t('No HTML filter -- single quote.'));
+    $this->_testEscapedHTML('_filter_html_escape');
+  }
 
-    // Test that the filter is not fooled by different evasion techniques.
-    $f = check_plain("\xc2\"");
-    $this->assertEqual($f, '', t('No HTML filter -- invalid UTF-8.'));
+  /**
+   * Test that the check_plain() function escapes HTML correctly.
+   */
+  function testCheckPlain() {
+    $this->_testEscapedHTML('check_plain');
   }
 
   /**
@@ -744,6 +738,30 @@ class FilterUnitTestCase extends DrupalW
   function assertNoNormalized($haystack, $needle, $message = '', $group = 'Other') {
     return $this->assertTrue(strpos(strtolower(decode_entities($haystack)), $needle) === FALSE, $message, $group);
   }
+
+  /**
+   * Helper method to test functions that are intended to escape HTML.
+   *
+   * @param $function
+   *   The name of the function to test.
+   */
+  function _testEscapedHTML($function) {
+    // Define string replacements for the assertion messages.
+    $replacements = array('@function' => $function);
+
+    // Test that characters that have special meaning in XML are changed into
+    // entities.
+    $f = $function('<>&"');
+    $this->assertEqual($f, '&lt;&gt;&amp;&quot;', t('The @function() function correctly filters basic HTML entities.', $replacements));
+
+    // A single quote can also be used for evil things in some contexts.
+    $f = $function('\'');
+    $this->assertEqual($f, '&#039;', t('The @function() function correctly filters single quotes.', $replacements));
+
+    // Test that the filter is not fooled by different evasion techniques.
+    $f = $function("\xc2\"");
+    $this->assertEqual($f, '', t('The @function() function correctly filters invalid UTF-8.', $replacements));
+  }
 }
 
 /**
