Consider the "no plain text template in HTML" for shortcodes rendered with {{% #13698
Description
See https://discourse.gohugo.io/t/documentation-on-necessary-steps-to-update-templates/54670/2
The security concern/fix is real, e.g.
{{< injectsomejs.js >}}
Would be rendered without any escaping.
But:
{{% mymarkdown.md %}}
Is rendering markdown, and that should work, I guess.