<%- %> Should mean DON'T escape HTML and <%= %> should mean escape HTML.

[billmei]

This library has opposite conventions from what other libraries expect, such as the official NPM version: https://www.npmjs.com/package/ejs . This is also the convention used in Ruby's native erb templates.

Per the Principle of Least Surprise this library should follow the conventions of the more popular libraries that already exist.

[billmei]

People who use Google to look this up will also see several responses on Stack Overflow which mention that <%= %> is used for escaping.

Examples:

• http://stackoverflow.com/questions/16183748/how-to-escape-html-in-node-js-ejs-view
• http://stackoverflow.com/questions/10326950/render-a-variable-as-html-in-ejs