doc/go1.14: add missing release note about text/template escaping Change-Id: If8b066124cb46a0e2a87eaf0271ee46221f02a3d Reviewed-on: https://go-review.googlesource.com/c/website/+/328129 Trust: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>

commit: 91e49064155485e54b5d5e01c0064e512880753f [log] [tgz]
author: Filippo Valsorda <filippo@golang.org> Tue Jun 30 13:27:53 2020 -0400
committer: Filippo Valsorda <filippo@golang.org> Tue Jun 15 16:55:40 2021 +0000
tree: d5e0ef77b460ff99383ffd7e7fa470bfe50225af
parent: d83135168906764d09834ef7d02cf3f414e41abe [diff]
diff --git a/_content/doc/go1.14.html b/_content/doc/go1.14.html
index 35b6947..d2f1b76 100644
--- a/_content/doc/go1.14.html
+++ b/_content/doc/go1.14.html

@@ -908,6 +908,12 @@
       The erroneous case never worked as expected, and will now be
       reported with an error <code>can't give argument to non-function</code>.
     </p>
+
+    <p><!-- CL 207637 -->
+      <a href="/pkg/text/template/#JSEscape"><code>JSEscape</code></a> now
+      escapes the <code>&amp;</code> and <code>&equals;</code> characters to
+      mitigate the impact of its output being misused in HTML contexts.
+    </p>
   </dd>
 </dl><!-- text/template -->
commit	91e49064155485e54b5d5e01c0064e512880753f	[log] [tgz]
author	Filippo Valsorda <filippo@golang.org>	Tue Jun 30 13:27:53 2020 -0400
committer	Filippo Valsorda <filippo@golang.org>	Tue Jun 15 16:55:40 2021 +0000
tree	d5e0ef77b460ff99383ffd7e7fa470bfe50225af
parent	d83135168906764d09834ef7d02cf3f414e41abe [diff]