Escape the HTML within code blocks

[mmattel]

Referencing: Fix and improve highlighting with highlight.js

highlight.js reports in the browser console about unescaped HTML. The messaging is stopped via the referenced PR but the problem is not solved. We have to find a proper way to escape HTML for source blocks.

Note that the security issue is present for a long time but nobody took care. The messaging fix is just a cosmetic thing.

@xoxys fyi

[mmattel]

We keep this issue open to have a reminder to regulary check if a antora fix available. For details see the referenced PR

[mmattel]

Documenting a response in the Antora channel (zulip) about escaping html source blocks.

Guessing that the response comes from Antora 3 and not 2.3
Means that Antora 3 may behave correctly versus v2.3 in terms of escaping.
Finally we know after the upgrade to Antora 3.

Response

Short
<your-command> --> <your-command>

Long
...If you put the following block in your AsciiDoc file:

[,docker]
----
system-docker-compose exec --user www-data owncloud occ <your-command>
----

It will produce the following HTML:

<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-docker hljs" data-lang="docker">system-docker-compose exec --user www-data owncloud occ &lt;your-command&gt;</code></pre>
</div>
</div>