Is the XSS in the basic CRUD (by scaffold) intentional?

[LouisP0]

When I create a project (loco new) with SSR, I generate a scaffold with cargo loco generate scaffold post title:string content:text --html (also working with --htmx) and I start the application (cargo loco start), both fields in http://localhost:5150/posts are vulnerable to stored XSS.
This is my first experiment with loco.rs and it was quite strange, so I'd like to ask if this is intentional (that probably is the case) but also why.

Steps to reproduce:
loco new
Enter: testproject
Choose server side rendering
Choose SQLite as database
Choose Tokio for async
cd testproject
cargo loco generate scaffold post title:string content:text --html
cargo loco start
VIsit: http://localhost:5150/posts
Enter in the fields: <script>alert(1)</script> and <script>alert(2)</script>
Submit

What happens:
Two alerts (1 and 2) spawn.

What I expected:
Just having the payloads normally displayed (because HTML escaped).

Thanks in advance.

[kaplanelad]

Thanks. created an issue