hugo-plus-staticman
Basic HTML escape in Hugo for simple XSS prevention
Putting unsanitized HTML entities into source code could lead to XSS by creating a malicious comment. The impact of XSS on a static site is not as high as it could be in other cases, but it's worth noting. Probably Staticman should do something about XSS and entity encoding?
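
An added illustration, not code from this repository: Hugo templates are built on Go's `html/template`, so the program below renders one constructed comment twice, once without escaping and once with contextual escaping, and checks whether a live tag survives. The `Comment` struct, its field names, the markup and the sample body are assumptions made for the example.

```go
package main

import (
	"bytes"
	"fmt"
	htmltpl "html/template"
	"strings"
	texttpl "text/template"
)

// Comment holds the fields of one stored comment (field names are assumed).
type Comment struct{ Name, Body string }

// The same markup is fed to both renderers; only the template package differs.
const commentTpl = `<div class="comment"><b>{{ .Name }}</b><p>{{ .Body }}</p></div>`

// renderRaw uses text/template, which does no escaping. It stands in for a
// Hugo template that marks the comment field as trusted (e.g. via safeHTML).
func renderRaw(c Comment) string {
	var buf bytes.Buffer
	t := texttpl.Must(texttpl.New("raw").Parse(commentTpl))
	if err := t.Execute(&buf, c); err != nil {
		panic(err)
	}
	return buf.String()
}

// renderEscaped uses html/template, which escapes each value for the HTML
// context it is placed in, so markup in the comment is shown as text.
func renderEscaped(c Comment) string {
	var buf bytes.Buffer
	t := htmltpl.Must(htmltpl.New("escaped").Parse(commentTpl))
	if err := t.Execute(&buf, c); err != nil {
		panic(err)
	}
	return buf.String()
}

// hasScriptTag reports whether the rendered page still contains a live tag.
func hasScriptTag(out string) bool {
	return strings.Contains(strings.ToLower(out), "<script")
}

func main() {
	c := Comment{Name: "visitor", Body: `<script>alert(1)</script>`} // constructed sample
	fmt.Println("raw:    ", renderRaw(c), "| live tag:", hasScriptTag(renderRaw(c)))
	fmt.Println("escaped:", renderEscaped(c), "| live tag:", hasScriptTag(renderEscaped(c)))
}
```

A check like `hasScriptTag` can run over the generated site in CI as a coarse regression test, but escaping at render time is the actual control.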