Would it help if we changed the (server-side) escaping of these macro marker comment contents to use HTML escaping? I imagine this could also be beneficial from a security point of view. This would be a breaking change if we consider the form of escaping API. There is no standard for how to escape content in HTML comments, unfortunately; our escaping is completely custom.