From 91e49064155485e54b5d5e01c0064e512880753f Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Tue, 30 Jun 2020 13:27:53 -0400
Subject: doc/go1.14: add missing release note about text/template escaping

Change-Id: If8b066124cb46a0e2a87eaf0271ee46221f02a3d
Reviewed-on: https://go-review.googlesource.com/c/website/+/328129
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
---
 _content/doc/go1.14.html | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/_content/doc/go1.14.html b/_content/doc/go1.14.html
index 35b6947e..d2f1b76c 100644
--- a/_content/doc/go1.14.html
+++ b/_content/doc/go1.14.html
@@ -908,6 +908,12 @@ Do not send CLs removing the interior tags from such phrases.
       The erroneous case never worked as expected, and will now be
       reported with an error <code>can't give argument to non-function</code>.
     </p>
+
+    <p><!-- CL 207637 -->
+      <a href="/pkg/text/template/#JSEscape"><code>JSEscape</code></a> now
+      escapes the <code>&amp;</code> and <code>&equals;</code> characters to
+      mitigate the impact of its output being misused in HTML contexts.
+    </p>
   </dd>
 </dl><!-- text/template -->
 
-- 
cgit v1.3