{{apptitle}}: \{\{ username = "defaced value"; \}\}

{{username}} attempts to inject code which will deface the application, but fails to accomplish their task, because the server has correctly escaped the interpolation start/end markers with REVERSE SOLIDUS U+005C (backslash) characters.

Instead, the result of the attempted script injection is visible, and can be removed from the database by an administrator.