Hi, I found a bug in the code that'd cause an XSS issue.

```
return template.HTML(fmt.Sprintf(`<input type="text" value="%s" name=%q id=%q%s>`, field.Value, field.Name, field.Name, attrsStr))
```

if field.Value is `"><script>alert(123)</script>`
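An added example, not part of the original report or the project's code: the reported line next to a variant that HTML-escapes each interpolated value. The `Field` type and the function names are hypothetical, and `attrsStr` is left out because the report does not show how it is built.

```go
package main

import (
	"fmt"
	"html"
	"html/template"
	"strings"
)

// Field is a hypothetical stand-in for the form field type in the report.
type Field struct {
	Name  string
	Value string
}

// renderUnsafe mirrors the reported line: Value lands in the attribute
// unescaped, and the result is marked as trusted template.HTML.
func renderUnsafe(f Field) template.HTML {
	return template.HTML(fmt.Sprintf(`<input type="text" value="%s" name=%q id=%q>`,
		f.Value, f.Name, f.Name))
}

// renderSafe HTML-escapes every interpolated value and writes the attribute
// quotes itself. %q applies Go string quoting, not HTML escaping, so it is
// replaced as well.
func renderSafe(f Field) template.HTML {
	v := html.EscapeString(f.Value)
	n := html.EscapeString(f.Name)
	return template.HTML(fmt.Sprintf(`<input type="text" value="%s" name="%s" id="%s">`, v, n, n))
}

// breaksOut reports whether the rendered markup contains a raw <script> tag,
// i.e. the value escaped its attribute and became markup.
func breaksOut(h template.HTML) bool {
	return strings.Contains(string(h), "<script>")
}

func main() {
	// Constructed input: the value given in the report.
	f := Field{Name: "q", Value: `"><script>alert(123)</script>`}
	fmt.Println(breaksOut(renderUnsafe(f)), renderUnsafe(f))
	fmt.Println(breaksOut(renderSafe(f)), renderSafe(f))
}
```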