From 17436efd17741258e43d997792b6343574a51212 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20R=C3=BCger?=
Date: Fri, 13 Mar 2026 09:03:58 +0100
Subject: [PATCH] renderer: HTML-escape admonition title and guard against empty attachments

mkDocsAdmonition: escape the admonition title with html.EscapeString before inserting it into the Confluence storage format XML. An unescaped title containing '<', '>', '&', or '"' would break the XML structure.

image: add a len(attachments)==0 guard before accessing attachments[0] in the local-attachment code path. ResolveLocalAttachments always returns either an error or the requested attachments, so this is currently unreachable, but the explicit check prevents a future silent panic if the function's behaviour changes.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 renderer/image.go | 4 ++++
 renderer/mkDocsAdmonition.go | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/renderer/image.go b/renderer/image.go
index 689b6dc..f273df9 100644
--- a/renderer/image.go
+++ b/renderer/image.go
@@ -2,6 +2,7 @@ package renderer

 import (
 "bytes"
+ "fmt"
 "path/filepath"
 "strconv"
 "strings"
@@ -143,6 +144,9 @@ func (r *ConfluenceImageRenderer) renderImage(writer util.BufWriter, source []by
 },
 )
 } else {
+ if len(attachments) == 0 {
+ return ast.WalkStop, fmt.Errorf("no attachment resolved for %q", string(n.Destination))
+ }
 r.Attachments.Attach(attachments[0])
diff --git a/renderer/mkDocsAdmonition.go b/renderer/mkDocsAdmonition.go
index 7f6e72a..20244d8 100644
--- a/renderer/mkDocsAdmonition.go
+++ b/renderer/mkDocsAdmonition.go
@@ -2,6 +2,7 @@ package renderer

 import (
 "fmt"
+ stdhtml "html"
 "strconv"

 parser "github.com/stefanfritsch/goldmark-admonitions"
@@ -81,7 +82,7 @@ func (r *ConfluenceMkDocsAdmonitionRenderer) renderMkDocsAdmonition(writer util.
 title, _ := strconv.Unquote(string(n.Title))
 if title != "" {
-    titleHTML := fmt.Sprintf("
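Review bot: The new `len(attachments) == 0` guard in the `else` branch reads as a hard precondition, but the commit message says it is currently unreachable because ResolveLocalAttachments already returns either an error or the requested attachments; that intent belongs next to the guard, e.g. `// Defensive: ResolveLocalAttachments returns an error or a non-empty slice; guard against that contract changing.` Without it, a later reader may assume an empty slice is an expected runtime case and start handling it elsewhere. Quoting the destination with `%q` is the right choice here, since the value appears to originate from the rendered Markdown and may contain characters that would otherwise garble the error text. renderImage begins and ends outside the hunk.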

%s

\n", title)
+    titleHTML := fmt.Sprintf("

%s

\n", stdhtml.EscapeString(title))
 if _, err := writer.Write([]byte(titleHTML)); err != nil {
 return ast.WalkStop, err
 }