On Fri, Dec 27, 2013 at 5:48 PM, Matthew Walker mwalker@wikimedia.orgwrote:
For the fundraising thank you letters, I pass a dictionary to the template containing the currency string "VND 20000.23"; via callback that gets transformed into 20,000.23*₫* via a i18n library that I wrote.
I pass in details about a contribution (such as ID, date, email, name) to the template, and then these get composited into things like links, personalized greetings, and displayed tables.
If I'm understanding your use case, this is actually something I would want to forbid in our template engine use. With the exception of i18n, when it's easy to know what type of escaping is being applied (since the same functions are used everywhere), I don't want to have to go from the template back to your callback's definition to see if you're correctly escaping for the html's context.