Improvement: the highlighting code was performing more string concatenations than necessary. It has been rewritten and an additional parameter, escape_html, has been added to allow escaping of input code. HTML escaping now happens in the code highlighting function rather than after, to avoid having to "unescape" highlighting markup.