Solution:
In the docs it is called “Double curly brace syntax”:
Be very careful when echoing content that is supplied by users of your application. Always use the escaped, double curly brace syntax to prevent XSS attacks when displaying user supplied data.