fix jinja2 rendering for password protected notebooks

IPython/frontend/html/notebook/handlers.py

@@ -29,6 +29,7 @@
 import uuid
 import os
 
+import tornado
 from tornado import web
 from tornado import websocket
 
@@ -225,7 +226,7 @@ class LoginHandler(AuthenticatedHandler):
     def _render(self, message=None):        
         template = self.application.jinja2_env.get_template('login.html')
         self.write( template.render(
-                next=self.get_argument('next', default=self.application.ipython_app.base_project_url),
+                next=tornado.escape.url_escape(self.get_argument('next', default=self.application.ipython_app.base_project_url)),
                 read_only=self.read_only,
                 logged_in=self.logged_in,
                 login_available=self.login_available,

IPython/frontend/html/notebook/templates/login.html

@@ -1,42 +1,42 @@
-{% extends page.html %}
+{% extends "page.html" %}
 
 {% block stylesheet %}
 
 <link rel="stylesheet" href="{{static_url("css/login.css") }}" type="text/css"/>
 
-{% end %}
+{% endblock %}
 
 
 {% block login_widget %}
-{% end %}
+{% endblock %}
 
 
 {% block site %}
 
 <div id="main_app">
 
     {% if login_available %}
-    <form action="{{base_project_url}}login?next={{url_escape(next)}}" method="post">
+    <form action="{{base_project_url}}login?next={{next}}" method="post">
         Password: <input type="password" class='ui-widget ui-widget-content' name="password" id="password_input">
         <input type="submit" value="Log in" id="login_submit">
     </form>
-    {% end %}
+    {% endif %}
 
     {% if message %}
       {% for key in message %}
         <div class="message {{key}}">
            {{message[key]}}
         </div>
-      {% end %}
-    {% end %}
+      {% endfor %}
+    {% endif %}
 
 <div/>
 
-{% end %}
+{% endblock %}
 
 
 {% block script %}
 
 <script src="{{static_url("js/loginmain.js") }}" type="text/javascript" charset="utf-8"></script>
 
-{% end %}
+{% endblock %}

IPython/frontend/html/notebook/templates/logout.html

@@ -1,14 +1,14 @@
-{% extends page.html %}
+{% extends "page.html" %}
 
 {% block stylesheet %}
 
 <link rel="stylesheet" href="{{static_url("css/logout.css") }}" type="text/css"/>
 
-{% end %}
+{% endblock %}
 
 
 {% block login_widget %}
-{% end %}
+{% endblock %}
 
 {% block site %}
 
@@ -19,22 +19,22 @@
         <div class="message {{key}}">
            {{message[key]}}
         </div>
-      {% end %}
-    {% end %}
+      {% endfor %}
+    {% endif %}
 
     {% if read_only or not login_available %}
     Proceed to the <a href="{{base_project_url}}">dashboard</a>.
     {% else %}
     Proceed to the <a href="{{base_project_url}}login">login page</a>.
-    {% end %}
+    {% endif %}
 
 
 <div/>
 
-{% end %}
+{% endblock %}
 
 {% block script %}
 
 <script src="{{static_url("js/logoutmain.js") }}" type="text/javascript" charset="utf-8"></script>
 
-{% end %}
+{% endblock %}