These are automatically unescaped whenever they are rendered to the DOM, so doing it here actually unescapes the content too many times, opening up a potential XSS vector, e.g. when displaying escaped HTML in a _block.
See rendrjs/rendr-handlebars#61 for a more detailed explanation
These are automatically unescaped whenever they are rendered to the DOM, so doing it here actually unescapes the content too many times, opening up a potential XSS vector, e.g. when displaying escaped HTML in a _block.
See rendrjs/rendr-handlebars#61 for a more detailed explanation