OWASP

It will come as no surprise that FreshMarker, like all other template engines, must take precautions against template injection. Template injection is a security vulnerability that occurs when an application handles templates insecurely. Templates are prefabricated files or strings with placeholders that are replaced by data from users or other sources. Similar to FreeMarker, FreshMarker also has an escape mechanism that detects special characters in the interpolations using a harmless variant. If the standard mechanism is not enough, OWASP can help out.