diff --git a/datasette/app.py b/datasette/app.py
index ee816426..e284995a 100644
--- a/datasette/app.py
+++ b/datasette/app.py
@@ -19,9 +19,8 @@ import urllib.parse
 from concurrent import futures
 from pathlib import Path
-from markupsafe import Markup
+from markupsafe import Markup, escape
 from itsdangerous import URLSafeSerializer
-import jinja2
 from jinja2 import ChoiceLoader, Environment, FileSystemLoader, PrefixLoader, escape
 from jinja2.environment import Template
 from jinja2.exceptions import TemplateNotFound
@@ -864,7 +863,7 @@ class Datasette:
 }
 if request and request.args.get("_context") and self.setting("template_debug"):
 return "
{}".format(
- jinja2.escape(json.dumps(template_context, default=repr, indent=4))
+ escape(json.dumps(template_context, default=repr, indent=4))
)
return await template.render_async(template_context)
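Review bot: The `escape` that the changed call `escape(json.dumps(template_context, default=repr, indent=4))` resolves to is still jinja2's, because the unchanged import `from jinja2 import ChoiceLoader, Environment, FileSystemLoader, PrefixLoader, escape` in the first hunk runs after the new `from markupsafe import Markup, escape` and rebinds the name. jinja2's `escape` re-export is deprecated in Jinja 3.0 and removed in 3.1, so that import line would fail there even though `import jinja2` is gone. Drop it from the jinja2 import: `from jinja2 import ChoiceLoader, Environment, FileSystemLoader, PrefixLoader`. The enclosing method starts outside this hunk.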
diff --git a/datasette/views/database.py b/datasette/views/database.py
index 0c58a351..96b2ca91 100644
--- a/datasette/views/database.py
+++ b/datasette/views/database.py
@@ -1,8 +1,8 @@
import os
import hashlib
import itertools
-import jinja2
import json
+from markupsafe import Markup, escape
from urllib.parse import parse_qsl, urlencode
from datasette.utils import (
@@ -354,11 +354,11 @@ class QueryView(DataView):
display_value = plugin_value
else:
if value in ("", None):
- display_value = jinja2.Markup(" ")
+ display_value = Markup(" ")
elif is_url(str(display_value).strip()):
- display_value = jinja2.Markup(
+ display_value = Markup(
'{url}'.format(
- url=jinja2.escape(value.strip())
+ url=escape(value.strip())
)
)
elif isinstance(display_value, bytes):
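Review bot: `Markup(...)` is applied here to a string that `str.format` has already assembled, which marks the whole result as safe HTML, so the output is only as safe as the hand-written `escape(...)` on each argument. The same pattern carries into the next hunk, where `blob_url` is formatted in without `escape`, and into the `@@ -135` and `@@ -187` hunks of datasette/views/table.py, where `database` and `base_url` are passed through as-is; whether those values can ever hold HTML-significant characters is decided outside the visible lines. Calling `format` on the `Markup` object escapes every argument automatically, e.g. `display_value = Markup(LINK_TEMPLATE).format(url=value.strip())` with `LINK_TEMPLATE` standing for the existing literal, and lets the per-argument `escape` calls go. The branch chain this hunk sits in begins and ends outside the hunk.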
@@ -372,7 +372,7 @@ class QueryView(DataView):
).hexdigest(),
},
)
- display_value = jinja2.Markup(
+ display_value = Markup(
'<Binary: {} byte{}>'.format(
blob_url,
len(display_value),
diff --git a/datasette/views/table.py b/datasette/views/table.py
index 48792284..8007377a 100644
--- a/datasette/views/table.py
+++ b/datasette/views/table.py
@@ -2,7 +2,7 @@ import urllib
import itertools
import json
-import jinja2
+import markupsafe
from datasette.plugins import pm
from datasette.database import QueryInterrupted
@@ -135,12 +135,12 @@ class RowTableShared(DataView):
"value_type": "pk",
"is_special_link_column": is_special_link_column,
"raw": pk_path,
- "value": jinja2.Markup(
+ "value": markupsafe.Markup(
'{flat_pks}'.format(
base_url=base_url,
database=database,
table=urllib.parse.quote_plus(table),
- flat_pks=str(jinja2.escape(pk_path)),
+ flat_pks=str(markupsafe.escape(pk_path)),
flat_pks_quoted=path_from_row_pks(row, pks, not pks),
)
),
@@ -166,7 +166,7 @@ class RowTableShared(DataView):
if plugin_display_value is not None:
display_value = plugin_display_value
elif isinstance(value, bytes):
- display_value = jinja2.Markup(
+ display_value = markupsafe.Markup(
'<Binary: {} byte{}>'.format(
self.ds.urls.row_blob(
database,
@@ -187,22 +187,22 @@ class RowTableShared(DataView):
link_template = (
LINK_WITH_LABEL if (label != value) else LINK_WITH_VALUE
)
- display_value = jinja2.Markup(
+ display_value = markupsafe.Markup(
link_template.format(
database=database,
base_url=base_url,
table=urllib.parse.quote_plus(other_table),
link_id=urllib.parse.quote_plus(str(value)),
- id=str(jinja2.escape(value)),
- label=str(jinja2.escape(label)) or "-",
+ id=str(markupsafe.escape(value)),
+ label=str(markupsafe.escape(label)) or "-",
)
)
elif value in ("", None):
- display_value = jinja2.Markup(" ")
+ display_value = markupsafe.Markup(" ")
elif is_url(str(value).strip()):
- display_value = jinja2.Markup(
+ display_value = markupsafe.Markup(
'{url}'.format(
- url=jinja2.escape(value.strip())
+ url=markupsafe.escape(value.strip())
)
)
elif column in table_metadata.get("units", {}) and value != "":
@@ -212,7 +212,9 @@ class RowTableShared(DataView):
# representation, which we have to round off to avoid ugliness. In the vast
# majority of cases this rounding will be inconsequential. I hope.
value = round(value.to_compact(), 6)
- display_value = jinja2.Markup(f"{value:~P}".replace(" ", " "))
+ display_value = markupsafe.Markup(
+ f"{value:~P}".replace(" ", " ")
+ )
else:
display_value = str(value)
if truncate_cells and len(display_value) > truncate_cells:
diff --git a/docs/plugin_hooks.rst b/docs/plugin_hooks.rst
index 7a1645ec..688eaa61 100644
--- a/docs/plugin_hooks.rst
+++ b/docs/plugin_hooks.rst
@@ -389,7 +389,7 @@ If the value matches that pattern, the plugin returns an HTML link element:
.. code-block:: python
from datasette import hookimpl
- import jinja2
+ import markupsafe
import json
@@ -415,9 +415,9 @@ If the value matches that pattern, the plugin returns an HTML link element:
or href.startswith("https://")
):
return None
- return jinja2.Markup('{label}'.format(
- href=jinja2.escape(data["href"]),
- label=jinja2.escape(data["label"] or "") or " "
+ return markupsafe.Markup('{label}'.format(
+ href=markupsafe.escape(data["href"]),
+ label=markupsafe.escape(data["label"] or "") or " "
))
Examples: `datasette-render-binary