bug(security): CVE-2025-53865 - XSS bug Extensive fixes in devel, responsive templates known to be exploitable. Similar constructs in classic and minimal templates not known to be exploitable, but changed anyway. doc/upgrading.txt: Reformat to 66 characters. Update with assigned CVE number. Add section on fixing tal:replace with unsafe data. Document analysis and assumptions in comment in file. doc/security.txt: Update with CVE number.

def audit_html_files(db, cl, nodeid, newvalues):
    if 'type' in newvalues and newvalues['type'] == 'text/html':
        newvalues['type'] = 'text/plain'
    

def init(db):
    db.file.audit('set', audit_html_files)
    db.file.audit('create', audit_html_files)