quixote.__init__.py imports from publish.py, which imports from util.py, which imports from quixote.html. This puts the ptl htmltext in the quixote.util module. When the methods of StaticDirectory call htmltext, they get the ptl versions, whether or not the quixote.html namespace has been subsequently modified to have the qpy versions. You could work around this particular problem by changing util.py's import to be just from quixote import html, and then adding "html." to the uses of TemplateIO and htmltext in that module. There may be other html imports, however, that happen before you hack the quixote.html namespace, and you might not detect that until some unfortunate time later. Unless quixote.html commits one way or the other at the time it is loaded, this vulnerability seems likely to persist.