Fix escaping

I wasn't placing htmlescape into the right context dictionary. Since we have a default noop escape function in the context already, we don't need the unescaped renderer again after all. Circles! :)
gratipay · Feb 10, 2015 · 73996eb · 73996eb
1 parent 3c43a6b
commit 73996eb
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 23 deletions.
diff --git a/gratipay/main.py b/gratipay/main.py
@@ -12,7 +12,7 @@
 from gratipay.security import authentication, csrf, x_frame_options
 from gratipay.utils import cache_static, i18n, set_cookie, timer
 from gratipay.version import get_version
-from gratipay.renderers import jinja2_htmlescaped, jinja2_unescaped
+from gratipay.renderers import jinja2_htmlescaped
 
 import aspen
 from aspen import log_dammit
@@ -58,12 +58,10 @@ def _set_cookie(response, *args, **kw):
 
 website.renderer_factories['jinja2_htmlescaped'] = jinja2_htmlescaped.Factory(website)
 website.default_renderers_by_media_type['text/html'] = 'jinja2_htmlescaped'
-
-website.renderer_factories['jinja2_unescaped'] = jinja2_unescaped.Factory(website)
-website.default_renderers_by_media_type['text/plain'] = 'jinja2_unescaped'
+website.default_renderers_by_media_type['text/plain'] = 'jinja2'  # unescaped is fine here
 
 website.renderer_factories['jinja2'].Renderer.global_context = {
-    # This is shared via class inheritance with jinja2_{html,un}escaped.
+    # This is shared via class inheritance with jinja2_htmlescaped.
     'b64encode': base64.b64encode,
     'enumerate': enumerate,
     'float': float,

diff --git a/gratipay/renderers/jinja2_htmlescaped.py b/gratipay/renderers/jinja2_htmlescaped.py
@@ -10,7 +10,13 @@ def render_content(self, context):
         # template authors shouldn't normally need to use this function, but
         # having it in the simplate context makes it easier to implement i18n.
 
-        context['escape'] = htmlescape
+        context['escape'] = context['request'].context['escape'] = htmlescape
+
+        # ^^^ Yes, this is fugly. We need the escaping function in the
+        # request.context dictionary because that's where the i18n functions
+        # look for it, and we need it in `context` (which is a Jinja2 context,
+        # which is not identical with request.context) so that it's properly
+        # available inside of simplate pages 3+.
 
         return base.Renderer.render_content(self, context)
 

diff --git a/gratipay/renderers/jinja2_unescaped.py b/gratipay/renderers/jinja2_unescaped.py