mde / ejs

Embedded JavaScript templates -- http://ejs.co
Apache License 2.0

Do you think we should change <%- %> to something else for disabling escaping in templates? #679

Closed Benasin closed 2 years ago

Benasin commented 2 years ago

I know that using a hyphen instead of an equal sign will disable escaping for the content inside. However, given that the hyphen (-) sign and the equal (=) sign are next to each other on the keyboard, there is a high chance that developers will mistype and pose an XSS risk in their applications.
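The risk raised above is that a `<%-` typed in place of `<%=` silently turns an escaped output tag into a raw one. One defensive check is a review-time audit that lists every unescaped-output tag in a template so each can be confirmed as intentional. The following is an added example written for this thread; it is not code from the ejs project. The `escapeHtml` helper is modelled on the five replacements EJS's default escaper performs for `<%= %>` (an assumption about its behaviour, not a copy of it), and the template and input strings are constructed for the demonstration.

```javascript
// Added example, not part of ejs: audit EJS template source for <%- %> tags
// (unescaped output) and show how the same value renders under each tag form.

// Matches an unescaped-output tag and captures the expression inside it.
const UNESCAPED_TAG = /<%-\s*([\s\S]*?)\s*%>/g;

// Minimal HTML escaper modelled on what EJS applies to <%= %> output
// (assumed: &, <, >, " and ' are replaced with entity references).
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&#34;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Return every <%- %> tag in the source with its 1-based line number and the
// inner expression, so a reviewer can check each one deliberately.
function findUnescapedTags(templateSource) {
  const hits = [];
  for (const m of templateSource.matchAll(UNESCAPED_TAG)) {
    const line = templateSource.slice(0, m.index).split('\n').length;
    hits.push({ line, expression: m[1] });
  }
  return hits;
}

// Constructed sample template: an escaped tag, a raw tag over user data (the
// kind of typo the issue describes), and a raw tag over trusted markup.
const SAMPLE_TEMPLATE = [
  '<h1>Hello, <%= user.name %></h1>',
  '<p><%- user.bio %></p>',
  '<div><%- include("footer") %></div>',
].join('\n');

// Constructed user-supplied value containing markup.
const SAMPLE_INPUT = '<b>injected</b>';

// Render the sample value both ways and run the audit over the template.
function demo() {
  return {
    escaped: escapeHtml(SAMPLE_INPUT), // what <%= %> would emit
    raw: SAMPLE_INPUT,                 // what <%- %> would emit verbatim
    findings: findUnescapedTags(SAMPLE_TEMPLATE),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Running the block prints the escaped and raw forms side by side and two findings (lines 2 and 3); the first points at user data flowing through a raw tag and is the case a reviewer would want to question.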

mde commented 2 years ago

This convention has existed for a very, very long time in all previous implementations of EJS, and versions of its precursor, ERB, for the Ruby language. There is unfortunately zero possibility we will change this.