Manuel Rüger 17436efd17 renderer: HTML-escape admonition title and guard against empty attachments ...

mkDocsAdmonition: escape the admonition title with html.EscapeString
before inserting it into the Confluence storage format XML. An unescaped
title containing '<', '>', '&', or '"' would break the XML structure.

image: add a len(attachments)==0 guard before accessing attachments[0]
in the local-attachment code path. ResolveLocalAttachments always returns
either an error or the requested attachments, so this is currently
unreachable, but the explicit check prevents a future silent panic if the
function's behaviour changes.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

2026-03-16 19:18:29 +01:00

3.3 KiB

Raw Blame History

View Raw