0.5.0

Discussing the 0.4.0 release made me think I should quickly make one further change: inferring the escape mode from the template path, or a specified extension if you're using the source attribute. This means escaping is now only on by default for templates with a html, htm, or xml extension. In addition, this release escapes more characters, according to the OWASP recommendations.

If you spent time making changes for the 0.4.0 upgrade already, sorry about the churn! I believe this minimizes boilerplate and hopefully doesn't introduce too much magic.