@kamael reported a reflected XSS vulnerability within image rendering on render.github.com. While exploitation of this vulnerability was limited to a sandboxed domain, we still took the threat seriously. We addressed the behavior by properly escaping user-controlled input. We also migrated to views that escape output by default to prevent similar issues from being introduced in future development.