post from @reednj on 2016-12-14 10:03:36 -0800
@erlehmann :/ I'm using the default ruby escaping, so hopfully no XSS haha