From 680b94550fe0f565d620304c14617f4cb0adeff9 Mon Sep 17 00:00:00 2001
From: Marc Foley <m.foley.88@gmail.com>
Date: Mon, 8 Jul 2024 15:24:34 +0100
Subject: [PATCH] html: escape font filenames

---
 src/diffenator2/html.py                            | 4 ++++
 src/diffenator2/templates/CSSFontFace.partial.html | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/diffenator2/html.py b/src/diffenator2/html.py
index 814457a..fa158ad 100644
--- a/src/diffenator2/html.py
+++ b/src/diffenator2/html.py
@@ -10,6 +10,7 @@
 import re
 from pathlib import Path
 from diffenator2.shape import parse_wordlist
+from urllib.parse import quote
 
 
 WIDTH_CLASS_TO_CSS = {
@@ -196,6 +197,9 @@ def _package(templates, dst, **kwargs):
         env = Environment(
             loader=FileSystemLoader(os.path.dirname(template_fp)),
         )
+        # jinja2 already has an escaping filter but it only escapes
+        # a few characters.
+        env.filters["super_escape"] = quote
         template = env.get_template(os.path.basename(template_fp))
         doc = template.render(**kwargs)
         if "filter_styles" in kwargs:
diff --git a/src/diffenator2/templates/CSSFontFace.partial.html b/src/diffenator2/templates/CSSFontFace.partial.html
index d907da2..dd09d3a 100644
--- a/src/diffenator2/templates/CSSFontFace.partial.html
+++ b/src/diffenator2/templates/CSSFontFace.partial.html
@@ -1,5 +1,5 @@
 @font-face{
-    src: url("{{ filename }}");
+    src: url("{{ filename | super_escape }}");
     font-family: "{{ cssfamilyname }}";
     font-weight: {{ font_weight }};
     {% if font_stretch %}font-stretch: {{ font_stretch }};{% endif %}