<p>Well maybe, but just because you can make it do something unintended doesn't mean there is a security issue. I'm sure there are lots of way to make it do silly things if you feed it unintended output but if those things are harmless then I'm not really worried - the only away to avoid that would be to add vast amount of detailed validation of inputs.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2229?email_source=notifications&email_token=AAK2OLNK2BDPUQI332KLPP3PWHBNLA5CNFSM4HN5ECS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODVXLBNI#issuecomment-493793461">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AAK2OLM6IYLGBJ4UTHFMXTLPWHBNLANCNFSM4HN5ECSQ">mute the thread</a>.<img src="https://github.com/notifications/beacon/AAK2OLKH3EQW2EDE6ZF5X6TPWHBNLA5CNFSM4HN5ECS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODVXLBNI.gif" height="1" width="1" alt="" /></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/openstreetmap/openstreetmap-website/pull/2229?email_source=notifications\u0026email_token=AAK2OLNK2BDPUQI332KLPP3PWHBNLA5CNFSM4HN5ECS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODVXLBNI#issuecomment-493793461",
"url": "https://github.com/openstreetmap/openstreetmap-website/pull/2229?email_source=notifications\u0026email_token=AAK2OLNK2BDPUQI332KLPP3PWHBNLA5CNFSM4HN5ECS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODVXLBNI#issuecomment-493793461",
"name": "View Pull Request"
},
"description": "View this Pull Request on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>