EPUB output contains unescaped content in a number of HTML attributes. I'm seeing this with:
- The content attribute for <meta> with name="description"
- The content attribute for <meta> name="keywords"
- The title attribute of the <link> elements with rel="next" and rel="prev"
HTML output also has these same tags and attributes, but the content seems fine in my case. This may not actually be due to better escaping, as it looks like entirely different content is being used for the attribute values when generating HTML, and the content is, in this case at least, safe without escaping.
Changing the values to be the same as those used when generating HTML would solve the problem in my case, but it is probably best to make sure that attribute values are always escaped.
What should be escaped? Quotation marks must be. Ambiguous ampersands must be. But it is probably prudent to escape all ampersands and all occurrences of < or >.
I'm sorry I can't suggest a fix in the code—I'm not familiar with the Texinfo codebase and it's been decades since I've coded in Perl or C.
I'm using texi2any 7.1.1