by naasking 328 days ago
Some dangers with injection attacks if you don't sanitize inputs correctly, but this is probably faster than most templating languages like razor.
2 comments

There are a lot of ways to manage this problem. My preferred path is to wrap interpolated fields with HttpUtility.UrlEncode() when I know a user can touch it and there are plausible reasons for allowing 'illegal' characters at form submit time.

In terms of performance, it is definitely faster. The amount of time it takes to render these partials is negligible. You'd have to switch up your tooling to measure things in microseconds instead of milliseconds if you wanted any meaningful signal.

The only thing that would be comparable might be something like RazorSlices.
It's super easy to add sanitization middleware in .NET.
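
An added example, not code from this thread or from any project mentioned in it: one way to make encoding the default for interpolated HTML partials, so a field cannot be forgotten. The `Html`, `Raw` and `Render` names are hypothetical, and the sample input is constructed.

```csharp
using System;
using System.Linq;
using System.Net;

// Hypothetical helper: every interpolated hole is HTML-encoded unless it is
// already a Raw fragment produced by an earlier Render call.
public static class Html
{
    // Marker type for markup that has already been encoded.
    public sealed record Raw(string Value)
    {
        public override string ToString() => Value;
    }

    public static Raw Render(FormattableString template)
    {
        // Encode each argument before it is substituted into the format string.
        // Note: format specifiers such as {x:N2} are ignored, because the
        // arguments are converted to strings here.
        object[] safe = template.GetArguments()
            .Select(a => a is Raw r
                ? (object)r.Value
                : WebUtility.HtmlEncode(a?.ToString() ?? string.Empty))
            .ToArray();
        return new Raw(string.Format(template.Format, safe));
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample standing in for a user-controlled form field.
        string name = "<b>O'Brien</b> & co";

        // Plain interpolation: the markup in 'name' reaches the page as markup.
        Console.WriteLine($"<li>{name}</li>");

        // Encoded by default; nested partials pass through without double-encoding.
        Html.Raw item = Html.Render($"<li>{name}</li>");
        Console.WriteLine(Html.Render($"<ul>{item}</ul>"));

        // URL context: percent-encode the query value first; the hole is then
        // HTML-encoded for the attribute it sits in.
        Console.WriteLine(Html.Render(
            $"<a href=\"/search?q={Uri.EscapeDataString(name)}\">search</a>"));
    }
}
```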