> My personal rule: Every time a value is inserted into a string it must be properly encoded.

This is how Django templates have done it for over a decade. You have to go out of your way to tell it not to escape the values if for some reason you need that.
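The escape-by-default design described in the comment above, modelled with only the Python standard library. This is an added example, not Django's code and not part of the original comment; `Trusted`, `AutoEscapeFormatter` and `render` are hypothetical names, and the sample inputs are constructed.

```python
import html
from string import Formatter


class Trusted(str):
    """Marker type (hypothetical): the caller asserts this is already safe HTML."""


class AutoEscapeFormatter(Formatter):
    """str.format-style renderer that HTML-escapes every inserted value."""

    def format_field(self, value, format_spec):
        rendered = super().format_field(value, format_spec)
        # Opting out takes an explicit Trusted wrapper and no format spec.
        # A conversion such as !s yields a plain str, so the marker is lost
        # and the value is escaped like any other.
        if isinstance(value, Trusted) and not format_spec:
            return rendered
        return html.escape(rendered, quote=True)


def render(template, **values):
    """Fill the template; every value is encoded unless marked Trusted."""
    return AutoEscapeFormatter().format(template, **values)


# Constructed samples of untrusted input.
COMMENT = "<script>alert(1)</script>"
ATTR = '" onclick="x'

if __name__ == "__main__":
    print(render("<p>{c}</p>", c=COMMENT))                  # escaped by default
    print(render('<a title="{t}">link</a>', t=ATTR))        # quotes escaped too
    print(render("<p>{c}</p>", c=Trusted("<em>ok</em>")))   # explicit opt-out
    print(render("<p>{c!s}</p>", c=Trusted("<em>ok</em>"))) # marker dropped, escaped
```

The safe path needs no action from the template author, and each opt-out is a visible `Trusted(...)` call that a reviewer can search for.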