fix: return raw source from RenderJS/RenderCSS to prevent HTML-escaping

RenderJS() and RenderCSS() were executing templates through
html/template's Execute(), which HTML-escapes characters like < to &lt;
in the output. This broke main.js with 8 instances of &lt; in for-loops
and comparisons, causing JS syntax errors.

Use t.Tree.Root.String() to return the raw template source instead,
since these files contain no Go template directives. Adds regression
tests for both functions.

Another manifestation of the text/template → html/template migration
bug from 8f1470b.

Fixes #10

Co-authored-by: Jonathan Popham <jonathanpopham@users.noreply.github.com>

Author: github-actions[bot]

internal/pssg/render/render.go

@@ -245,29 +245,25 @@ func (e *Engine) render(name string, data interface{}) (string, error) {
 }
 
 // RenderCSS reads and returns the CSS template content.
+// Returns raw source instead of executing through html/template,
+// which would HTML-escape characters like < to &lt; in CSS.
 func (e *Engine) RenderCSS() (string, error) {
 	t := e.tmpl.Lookup("_styles.css")
 	if t == nil {
 		return "", nil
 	}
-	var buf bytes.Buffer
-	if err := t.Execute(&buf, nil); err != nil {
-		return "", err
-	}
-	return buf.String(), nil
+	return t.Tree.Root.String(), nil
 }
 
 // RenderJS reads and returns the JS template content.
+// Returns raw source instead of executing through html/template,
+// which would HTML-escape characters like < to &lt; in JS code.
 func (e *Engine) RenderJS() (string, error) {
 	t := e.tmpl.Lookup("_main.js")
 	if t == nil {
 		return "", nil
 	}
-	var buf bytes.Buffer
-	if err := t.Execute(&buf, nil); err != nil {
-		return "", err
-	}
-	return buf.String(), nil
+	return t.Tree.Root.String(), nil
 }
 
 // GenerateCookModePrompt builds a cook-with-AI prompt for a recipe.

internal/pssg/render/render_test.go

@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"html/template"
 	"regexp"
+	"strings"
 	"testing"
 )
 
@@ -157,6 +158,63 @@ func TestTemplateHTMLWouldDoubleEncode(t *testing.T) {
 	t.Log("Warning: template.HTML in script tag parsed as object — behavior may have changed in this Go version")
 }
 
+// TestRenderJSNotHTMLEscaped verifies that RenderJS() returns raw JS source
+// without HTML-escaping. This is a regression test for the html/template
+// migration bug where Execute() would escape < to &lt; in JS code.
+func TestRenderJSNotHTMLEscaped(t *testing.T) {
+	jsSource := `for (var i = 0; i < items.length; i++) { if (i < max) { process(i); } }`
+
+	tmpl := template.New("").Funcs(BuildFuncMap())
+	_, err := tmpl.New("_main.js").Parse(jsSource)
+	if err != nil {
+		t.Fatalf("failed to parse JS template: %v", err)
+	}
+
+	engine := &Engine{tmpl: tmpl}
+	result, err := engine.RenderJS()
+	if err != nil {
+		t.Fatalf("RenderJS() error: %v", err)
+	}
+
+	if strings.Contains(result, "&lt;") {
+		t.Fatalf("RenderJS() HTML-escaped '<' to '&lt;': %s", result)
+	}
+	if strings.Contains(result, "&gt;") {
+		t.Fatalf("RenderJS() HTML-escaped '>' to '&gt;': %s", result)
+	}
+	if strings.Contains(result, "&amp;") {
+		t.Fatalf("RenderJS() HTML-escaped '&' to '&amp;': %s", result)
+	}
+	if !strings.Contains(result, "i < items.length") {
+		t.Fatalf("RenderJS() did not preserve '<' in JS code: %s", result)
+	}
+}
+
+// TestRenderCSSNotHTMLEscaped verifies that RenderCSS() returns raw CSS source
+// without HTML-escaping.
+func TestRenderCSSNotHTMLEscaped(t *testing.T) {
+	cssSource := `.container > .child { color: red; } /* a > b */`
+
+	tmpl := template.New("").Funcs(BuildFuncMap())
+	_, err := tmpl.New("_styles.css").Parse(cssSource)
+	if err != nil {
+		t.Fatalf("failed to parse CSS template: %v", err)
+	}
+
+	engine := &Engine{tmpl: tmpl}
+	result, err := engine.RenderCSS()
+	if err != nil {
+		t.Fatalf("RenderCSS() error: %v", err)
+	}
+
+	if strings.Contains(result, "&gt;") {
+		t.Fatalf("RenderCSS() HTML-escaped '>' to '&gt;': %s", result)
+	}
+	if !strings.Contains(result, "> .child") {
+		t.Fatalf("RenderCSS() did not preserve '>' in CSS code: %s", result)
+	}
+}
+
 // TestLengthWithVariousTypes verifies the reflect-based length function
 // works with all slice types including taxonomy.Entry slices.
 func TestLengthWithVariousTypes(t *testing.T) {