LeafKit's HTML escaping may be skipped for Collection values, enabling XSS
LeafKit HTML-escaping is not working correctly when a template prints a collection (Array / Dictionary) via #(value). This can result in XSS, allowing potentially untrusted input to be rendered unescaped.