If we'll write some crap into properties file, that needs to be escaped, i.e. double-quotes, we see that this line is not changed, so software that uses packager might be vulnerable because of this.

I attach some HelloWorld project to see this, to invoke it with htmlparamfiles type:
ant -f simple-build-big-cli.xml deploy-with-htmlparamfile