Some template engines allow disabling HTML escaping, which can allow XSS vulnerabilities.
Apply with the Grit CLI
grit apply remove_escape_markup
Removes .escapeMarkup = false
BEFORE
something; object.escapeMarkup = false; something(els); object.escapeMarkup = false;
AFTER
something; something(els);