Pattern: Use of Mako templates
Issue: -
Mako templates allow HTML/JS rendering by default and are
inherently open to XSS attacks. Ensure variables in all templates are
properly sanitized via the n, h or x flags (depending on context).
For example, to HTML escape the variable data do ${ data |h }.