I have a growing list of Pando monkey patches in Liberapay that should be moved upstream if possible.

• Request.source: an IP address that can be used in rate limiting, requires a new website.trusted_proxies attribute as well as the ipaddress package for python < 3.3
• Response.encode_url(url): static method used by Response.redirect(), doesn't have to be part of a class once moved upstream
• Response.error(code, msg=''): modifies the response and raises it
• Response.success(code=200, msg=''): same as above except that code defaults to 200
• Response.json(obj, code=200): same as above except that obj is serialized to JSON and the Content-Type header is set to application/json
• Response.sanitize_untrusted_url(url): prevents XSS attacks
• Response.redirect(url, code=302, trusted_url=True): raises the response after modifying its code, setting the Location header, and sanitizing the URL if trusted_url is set to False
• Response.render(path, state, **extra): renders the resource path (e.g. templates/confirm.spt) with state plus extra as context, sort of an internal redirect
• Response.set_cookie(key, value, expires=None, httponly=True, path='/'): self-explanatory
• Response.erase_cookie(key, **kw): shortcut for set_cookie() with an empty value and an expiration date in the past
• Response.text: the decoded body of the response, useful in tests