If this library is used for rendering untrusted user input (such as comments) things won't be pretty. To protect some poor soul from using this little nice library without knowing such implication, I believe Humanize should escape HTML input by default with optional parameter to disable it (if you however decide this is not the job of JS-Humanize, I think there should be a note about this behavior somewhere, in bold, red, large text but that's likely never enough ;)
Currently Humanize doesn't do any HTML escaping; any input contains HTML fragment could get executed on the page.
If this library is used for rendering untrusted user input (such as comments) things won't be pretty. To protect some poor soul from using this little nice library without knowing such implication, I believe Humanize should escape HTML input by default with optional parameter to disable it (if you however decide this is not the job of JS-Humanize, I think there should be a note about this behavior somewhere, in bold, red, large text but that's likely never enough ;)
Either way, nice work!