Escape / ?

[danielcompton]

OWASP recommend escaping forward slashes as well. Would you be happy to take a PR for this?

https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content

[weavejester]

Maybe... It doesn't make a very strong case for that recommendation, but on the other hand I don't see the harm in it, either.