From 5f9aa6f7c2aa4005b52085e31b5e2677362a5b9b Mon Sep 17 00:00:00 2001
From: Taylor Jackle Spriggs <taylor.spriggs@intel.com>
Date: Wed, 13 Oct 2021 13:17:55 -0700
Subject: [PATCH 1/2] support escape argument

---
 chevron/renderer.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/chevron/renderer.py b/chevron/renderer.py
index 65a00f6..0cac700 100644
--- a/chevron/renderer.py
+++ b/chevron/renderer.py
@@ -130,7 +130,7 @@ def _get_partial(name, partials_dict, partials_path, partials_ext):
 
 def render(template='', data={}, partials_path='.', partials_ext='mustache',
            partials_dict={}, padding='', def_ldel='{{', def_rdel='}}',
-           scopes=None, warn=False, keep=False):
+           scopes=None, warn=False, keep=False, escape=_html_escape):
     """Render a mustache template.
 
     Renders a mustache template with a data scope and partial capability.
@@ -179,6 +179,8 @@ def render(template='', data={}, partials_path='.', partials_ext='mustache',
 
     keep          -- Keep unreplaced tags when a template substitution isn't found in the data
 
+    escape        -- Escape entries before replacement (defaults to html escaping)
+
 
     Returns:
 
@@ -238,7 +240,7 @@ def render(template='', data={}, partials_path='.', partials_ext='mustache',
                 thing = scopes[1]
             if not isinstance(thing, unicode_type):
                 thing = unicode(str(thing), 'utf-8')
-            output += _html_escape(thing)
+            output += escape(thing)
 
         # If we're a no html escape tag
         elif tag == 'no escape':

From e8859eb7e8672a55d36d923c440bd72eda926518 Mon Sep 17 00:00:00 2001
From: Taylor Jackle Spriggs <taylor.spriggs@intel.com>
Date: Wed, 13 Oct 2021 13:48:47 -0700
Subject: [PATCH 2/2] add a test

---
 test_spec.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/test_spec.py b/test_spec.py
index 905e105..dd31b7e 100755
--- a/test_spec.py
+++ b/test_spec.py
@@ -552,6 +552,20 @@ def test_keep_from_partials(self):
         expected = '1st {{ missing_key }} 3rd'
         self.assertEqual(result, expected)
 
+    def test_escape(self):
+        args = {
+            'template': '{{ testing }}',
+            'data': {
+                'testing': '"123&;',
+            },
+            'escape': lambda s: s.replace('"', "foo").replace("123", "bar").replace("&;", "!"),
+        }
+
+        result = chevron.render(**args)
+        expected = 'foobar!'
+
+        self.assertEqual(result, expected)
+
 
 # Run unit tests from command line
 if __name__ == "__main__":