doc/go1.14: add missing release note about text/template escaping
Change-Id: If8b066124cb46a0e2a87eaf0271ee46221f02a3d
Reviewed-on: https://go-review.googlesource.com/c/website/+/328129
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
diff --git a/_content/doc/go1.14.html b/_content/doc/go1.14.html
index 35b6947..d2f1b76 100644
--- a/_content/doc/go1.14.html
+++ b/_content/doc/go1.14.html
@@ -908,6 +908,12 @@
The erroneous case never worked as expected, and will now be
reported with an error <code>can't give argument to non-function</code>.
</p>
+
+ <p><!-- CL 207637 -->
+ <a href="/pkg/text/template/#JSEscape"><code>JSEscape</code></a> now
+ escapes the <code>&</code> and <code>=</code> characters to
+ mitigate the impact of its output being misused in HTML contexts.
+ </p>
</dd>
</dl><!-- text/template -->