How to prevent using HTML in tree nodes?

[DumboJet]

I am concerned with security a lot and I have noticed that the node title is rendered as HTML.
Can I prevent that and render the title as text?

Can someone suggest how to best achieve this (preferably without pre-encoding the titles on the server, but doing it on the client)?

I use the tree like so:

        $("#tree").fancytree({
            checkbox: true,
            source: @Html.Raw(@Model.TreeData),
            lazyLoad: function(event, data) {
                data.result =
                $.ajax({
                    url: '/Api/GetFancyTreeContent',
                    type: 'post',
                    data: {
                        catId: data.node.key,
                        skipCache: false
                    }
                });
            },
       ......................

Any input would be appreciated. :)
Thanks. :)

[DumboJet]

OK. This addition seems to be working:

            ...
            createNode: function(e, data) {
                var n = data.node;
                n.plainTitle = n.title; // Keep this for later use...
                n.setTitle($('<div/>').text(n.title).html());
            }
            ...

State any objections you may have. :)

[mar10]

This should work (of course only, if the title is not re-rendered, so you could move this code to the render event).
This topic was brought up before, so I will reconsider a general solution.
See #171