In templates, is there any way to distinguish plain text content from HTML content? Or does the caller need to always escape arbitrary text values?
As a contrived example, in the docs under the "Event" header, if I type `<b>bold!` into the text box, bold text appears, so it seems I can insert arbitrary HTML. That's fine for hard-coded values, but seems like a security issue for anything derived from user input.
For what it's worth, I like the minimal, modern JS-based approach of ArrowJS, but this seems like a potential footgun :)
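One way a template layer can tell text from markup, shown as an added example that is not part of the original post and is not ArrowJS's API: interpolated values are escaped by default, and only values explicitly wrapped in a marker type are inserted as HTML. The names `safeHtml`, `trusted`, `TrustedHtml` and `escapeHtml` are hypothetical, and the input string is constructed.

```javascript
// Added illustration; not ArrowJS code. All names here are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the characters that can open tags, entities or quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Marker type: a string the caller has explicitly declared to be markup.
class TrustedHtml {
  constructor(markup) { this.markup = String(markup); }
}
const trusted = (markup) => new TrustedHtml(markup);

// Tagged template: literal parts pass through unchanged, interpolations are
// escaped unless wrapped with trusted(). Arrays are rendered item by item.
function safeHtml(strings, ...values) {
  const render = (v) => {
    if (v instanceof TrustedHtml) return v.markup;
    if (Array.isArray(v)) return v.map(render).join('');
    if (v === null || v === undefined) return '';
    return escapeHtml(v);
  };
  let out = strings[0];
  values.forEach((v, i) => { out += render(v) + strings[i + 1]; });
  return trusted(out); // the result is marked trusted so templates can nest
}

// Constructed sample input standing in for text typed into a form field.
const userInput = '<b>bold!';

// Default path: the value is treated as plain text and escaped.
const asText = safeHtml`<p>${userInput}</p>`.markup;

// Opt-in path: the caller vouches for a hard-coded fragment.
const asMarkup = safeHtml`<p>${trusted('<b>bold!</b>')}</p>`.markup;

// Nested templates: inner results are not escaped twice, inner values are.
const items = ['a<', 'b'].map((x) => safeHtml`<li>${x}</li>`);
const asList = safeHtml`<ul>${items}</ul>`.markup;

console.log(asText);
console.log(asMarkup);
console.log(asList);
```

This escaping covers element content and quoted attribute values only; values placed in URLs, inline scripts or style contexts need context-specific handling.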