As the template can include any html or javascript inside the presentation it does not make sense to sanitze or escape anything.
We also allow html inside the markdown content, so it is possible to inject anything into the presentation there.
The only place, where user input is escaped, is inside the yaml config. This is not for security reasons, only because it looks somewhat weird or unprofessional if it is not escaped and there is no reason to allow it.
So writing something like:
will be escaped and just shown as the title.
closes #42