Redesign PreEscaped API

[lambda-fairy]

The current PreEscaped API has a few issues:

• The PreEscaped / Markup naming was lifted from blaze-markup, which supports both HTML and XML. But Maud was always HTML-only, and the upcoming context-aware escaping effort will deepen this specialization.
  • Let's rename it to just Html.
• PreEscaped wraps any T: AsRef<str>, but I've only seen it used with String and &'static str.
  • Let's make it wrap Cow<'static, str> instead.
• The PreEscaped constructor makes it too easy to treat any arbitrary string as HTML. Modern APIs like the Trusted Types proposal force the user to do some sanitizing/escaping first, or at least acknowledge the security risk if they don't.
  • Let's remove the public constructor, and replace it with...

    impl Html {
        pub sanitize(value: &str) -> Self;
        pub from_trusted(value: impl Into<Cow<'static, str>>) -> Self;
    }

    Notice how the safe (sanitize) option is shorter!

[zopieux]

Just wanted to mention that PreEscaped was confusing to me when I discovered maud. So 👍 on that rename, it would be a net positive wrt discoverability, IMO.

[JohnDowson]

There needs to be consideration for making sure it is possible to serialize Html for use-cases like pushing DOM updates over websocket messages. Either Html need to be Into<String> or maud needs to have a serde feature.