doc/go1.14: add missing release note about text/template escaping

Change-Id: If8b066124cb46a0e2a87eaf0271ee46221f02a3d Reviewed-on: https://go-review.googlesource.com/c/website/+/328129 Trust: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
author: Filippo Valsorda <filippo@golang.org> 2020-06-30 13:27:53 -0400
committer: Filippo Valsorda <filippo@golang.org> 2021-06-15 16:55:40 +0000
commit: 91e49064155485e54b5d5e01c0064e512880753f (patch)
tree: d5e0ef77b460ff99383ffd7e7fa470bfe50225af
parent: d83135168906764d09834ef7d02cf3f414e41abe (diff)
download: go-x-website-91e49064155485e54b5d5e01c0064e512880753f.tar.xz
1 files changed, 6 insertions, 0 deletions
diff --git a/_content/doc/go1.14.html b/_content/doc/go1.14.html
index 35b6947e..d2f1b76c 100644
--- a/_content/doc/go1.14.html
+++ b/_content/doc/go1.14.html
@@ -908,6 +908,12 @@ Do not send CLs removing the interior tags from such phrases.
       The erroneous case never worked as expected, and will now be
       reported with an error <code>can't give argument to non-function</code>.
     </p>
+
+    <p><!-- CL 207637 -->
+      <a href="/pkg/text/template/#JSEscape"><code>JSEscape</code></a> now
+      escapes the <code>&amp;</code> and <code>&equals;</code> characters to
+      mitigate the impact of its output being misused in HTML contexts.
+    </p>
   </dd>
 </dl><!-- text/template -->
author	Filippo Valsorda <filippo@golang.org>	2020-06-30 13:27:53 -0400
committer	Filippo Valsorda <filippo@golang.org>	2021-06-15 16:55:40 +0000
commit	91e49064155485e54b5d5e01c0064e512880753f (patch)
tree	d5e0ef77b460ff99383ffd7e7fa470bfe50225af
parent	d83135168906764d09834ef7d02cf3f414e41abe (diff)
download	go-x-website-91e49064155485e54b5d5e01c0064e512880753f.tar.xz