Mustache automatically converts HTML special characters
One advantage of using a templating engine such as Mustache is that it automatically converts certain special characters to HTML entities, which is a security best practice. So < becomes &lt; and > becomes &gt;. If this were unsafe user-inputted data, the conversion would prevent injection of any script tags.
Continuing from our getting-started tutorial on mustache.php, if we pass in data of <John> …
We would get this source output …
If we had used straight PHP without a templating engine, we would have to do …
<?php echo htmlspecialchars($firstname); ?>
every time we output user-inputted data.
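The difference between escaping by default and remembering htmlspecialchars() at every echo, as an added example that is not from the original post and is not Mustache.php's own code: a minimal stand-in renderer that escapes {{name}} tags and leaves {{{name}}} tags raw, the way Mustache's triple-brace tag does. The names escape_html and render_tiny and the sample inputs are assumptions made for this illustration.

```php
<?php
// Added illustration, NOT Mustache.php's implementation.
// escape_html() and render_tiny() are hypothetical helper names.

function escape_html(string $value): string
{
    // ENT_QUOTES also encodes ' and ", which matters inside attribute values.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_tiny(string $template, array $data): string
{
    // Try {{{name}}} (raw) first, then {{name}} (escaped by default).
    return preg_replace_callback(
        '/\{\{\{\s*(\w+)\s*\}\}\}|\{\{\s*(\w+)\s*\}\}/',
        function (array $m) use ($data): string {
            $raw   = ($m[1] !== '');          // group 1 is filled only for {{{ }}}
            $key   = $raw ? $m[1] : $m[2];
            $value = (string) ($data[$key] ?? '');
            return $raw ? $value : escape_html($value);
        },
        $template
    );
}

// Constructed sample inputs: the <John> value from the text and a script tag.
$samples = ['<John>', '<script>alert(1)</script>'];

foreach ($samples as $firstname) {
    $data = ['firstname' => $firstname];

    // Escaped by default: markup in the value is rendered as text.
    echo render_tiny('escaped: Hello {{firstname}}', $data), PHP_EOL;

    // Raw output: the value reaches the page unchanged, so this form is
    // only appropriate for markup the application itself produced.
    echo render_tiny('raw:     Hello {{{firstname}}}', $data), PHP_EOL;
}
```

Entity escaping of this kind protects HTML text and quoted attribute values; data placed inside script blocks, style blocks or URLs needs encoding appropriate to that context.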