Usage of triple curly braces to allow raw HTML to be injected into the DOM is a large vector for exploits of your application (especially when the raw HTML is user-controllable). Instead of using {{{foo}}}, you should use appropriate helpers or computed properties that return a SafeString (via Ember.String.htmlSafe generally) and ensure that user-supplied data is properly escaped.
This rule forbids the following:
This rule allows the following:
- See the documentation for Ember's
htmlSafefunction