Well, for starters that is not the front end like a Form, where potentially dangerous JS code can be added by malicious guests, so the Content Templates or View loop editors logically will not remove any code you add to it.
Why that particular user wants to do what is described in that ticket is entirely unclear to me.
If you want to add an email, or "", or whatever code you want to a Content Template, you just add it.
It won't break or change the input, and since you will trust Administrators to not store malicious JS code in a Content Template they create, there is less of a worry as well to escape that input.
Of course Toolset ensures (still) every WordPress implementation of security is followed, and it's impossible to "hack" Toolset like that (at least, by what I know)
Sometimes it's required to use HTML encoded character to then output them properly on the Front end, but that is a very rare case, and by what I see in that ticket linked, not the case there.
I mean, to add an email link, you just add this to a Content Template or View Loop:
<a href="mailto:name@email.com">Link text</a>
That's it, it'll work and not be unsafe.
There is no reason to encode or escape any of the HTML characters as they are valid entities, and not unsafe.
Maybe I misunderstand the issue and will better understand with some context, please feel free to elaborate in this case, so I can give a more appropriate update
Thanks!
