Manuel Rüger 807d057f7b stdlib: remove duplicate err check in New() and add XML escaping to user-controlled template values
Remove the dead second 'if err != nil' block after the already-checked
lib.Templates assignment.

Add html.EscapeString as 'xmlesc' template function and apply it to
user-controlled string parameters in ac:code, ac:status, and ac:box
templates. Values like .Title, .Color, .Language, and .Theme can contain
XML special characters (<, >, &, ") when supplied by users, which would
break Confluence storage format XML structure.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-16 19:18:29 +01:00
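The effect the commit message describes, as an added example (not the project's code). It assumes the templates are rendered with Go's `text/template`, which does no escaping of its own; the template strings, `render`, `titleParam` and the sample title are constructed for illustration.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"html"
	"strings"
	"text/template"
)

// Constructed macro templates (illustrative layout, not the project's files).
const rawTmpl = `<ac:structured-macro ac:name="info"><ac:parameter ac:name="title">{{ .Title }}</ac:parameter></ac:structured-macro>`
const escTmpl = `<ac:structured-macro ac:name="info"><ac:parameter ac:name="title">{{ .Title | xmlesc }}</ac:parameter></ac:structured-macro>`

// render executes src with html.EscapeString registered as "xmlesc".
func render(src, title string) (string, error) {
	funcs := template.FuncMap{"xmlesc": html.EscapeString}
	t, err := template.New("macro").Funcs(funcs).Parse(src)
	if err != nil {
		return "", err
	}
	var sb strings.Builder
	err = t.Execute(&sb, map[string]string{"Title": title})
	return sb.String(), err
}

// macro captures the text of the ac:parameter child (matched by local name).
type macro struct {
	Param string `xml:"parameter"`
}

// titleParam parses the rendered fragment with the strict XML decoder and
// returns the parameter text, or an error if the fragment is not well-formed.
func titleParam(doc string) (string, error) {
	var m macro
	err := xml.Unmarshal([]byte(doc), &m)
	return m.Param, err
}

func main() {
	in := `Q&A <draft> "v2"` // constructed user-supplied title
	for _, src := range []string{rawTmpl, escTmpl} {
		out, _ := render(src, in)
		got, err := titleParam(out)
		fmt.Printf("%s\n  parsed=%q err=%v\n", out, got, err)
	}
}
```

`html.EscapeString` covers `<`, `>`, `&`, `'` and `"`; it does not strip characters that XML 1.0 forbids outright, such as most control characters.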