In the Python ecosystem, there are three popular template render engines: Django's built-in template engine, Jinja2 and Mako.
How good are these render engines against XSS. Is {{ foo }}
enough? Under what sitations do {{ foo }}
fail? The importance of this research is to understand (1) the context-awareness of template engine, if at all,
(2) understand the challenge of encoding in the HTML world, and (3) and best practices when using template
render engine.