Template engines should expose (one way or another) available XSS escapers: handlebars: ``` {{xss input "js" "html"}} ``` pebble: ``` {{xss(input, "js", "html")}} ``` freemarker: ``` ${xss (input, "js", "html")} ``` jade: ``` p= xss.apply(input, "js", "html") ``` See #473 and #475
