In order to generate validating XHTML and XML, it would be very useful to have an escapeXml attribute for the cms:out tag. Currently one has to rely on JSTL to get proper escaping, like this:

<cms:out nodeDataName="text" var="text"/><c:out value="${text}"/>

(Note the JSTL c:out tag escapes by default, though you can turn it off with its escapeXml attribute.)

It would be nicer to be able to do this:

<cms:out nodeDataName="text" escapeXml="true" />

Since magnolia templates (FCK Editor paragraphs especially) rely on the existing behavior, this attribute probably needs to default to false, rather than true as the JSTL template does.