{{{something}} is interpreted as "do not escape" instead of syntax error

[AustinMontoya]

In the example from the title, notice that the brackets aren't balanced; we're missing an additional closing '}'. However, rather than causing a syntax error, it interprets the syntax as being a valid "triple-stash", causing a possibly unintended xss vulnerability should someone accidentally fat-finger an extra curly bracket at the beginning.

[kpdecker]

I think this makes sense but I don't think it's as clear what should be done for the {{& escaping case. Should that have a }} or }}}? Will changing that break any existing templates?

@wycats Any opinions here?

Note that adding support for both cases requiring }}} adds about 200 bytes to the fill distro and adding support for matched number of braces adds about 700 bytes to the full distro.

[kpdecker]

The mustache spec has an example using }} for the {{& case, meaning these need to be treated differently.