@bep Do you want to create a poll about changing the default of unsafe to true?
My reasoning is that whoever is adding HTML embedded in the Markdown content in their Hugo sites is knowingly doing that, and they would always need to set unsafe = true.
So far, I haven’t found a reason why one would need to set that to false.
What kind of risk do you foresee on a Hugo generated static site by leaving the unsafe default to false? (There are other means to prevent malicious code injections, like the use of CSP.)