Verify that escaping and security are tight on dynamic pages

[rglover]

Because we're using a different path than SSR to load data for dynamic pages, we'll want to ensure that the same escaping/security considerations made for SSR are present there. Shouldn't be much to do other than escaping the data on the server before returning it to the dynamic page request.