fix: turn off automatic escaping in session request templates

[microamp]

fixes #7993

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 88.84%. Comparing base (c7f6bde) to head (826accc).
Report is 91 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8007      +/-   ##
==========================================
+ Coverage   88.78%   88.84%   +0.06%     
==========================================
  Files         296      304       +8     
  Lines       41320    41541     +221     
==========================================
+ Hits        36687    36909     +222     
+ Misses       4633     4632       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[jennifer-richards]

I'm a little concerned because this ends up outputting the user-provided person.name in an unescaped context. Since this is destined for plaintext email I think it's ok, but we should be careful.

[rjsparks]

If recipients honor the text/plain mime-type these are sent with, I don't think we have any concern (and we do use autoescape=off for most other templates that generate text for email.

But I think we should, separately, turn up the level of sanitization of user input for names - they can be blobs, but the blobs don't need to contain html, for example. I've been toying with comparing the various names stored in the datatracker (and names we derive from them) with bleach.clean(name,[],strip=True) and haven't found a case where we wouldn't want to have rejected the name if those came up different.