Fix XSS vulnerability by defaulting to Handlebars html_escape formatting

[erkiesken]

Fixes #23.

This change will revert the no_escape override, and uses Handlebars raw output formatting {{{..}}} instead in the place it was needed.

Also bumped handlebars version just in case there are other fixes in there.

[camdenorrb]

So um, why is this not merged?

[camdenorrb]

Thxz <3