Check code for HTML injection

Updated: 11.09.2024 15:00

Prompt (fix)

This HTML code uses JavaScript to bind values into HTML output. The syntax #expression# is used to insert values, for example from user input.
To prevent potential script injection attacks in HTML, you must use #docly.toHtml(expression)# to escape all HTML characters.
If a field that is bound is converted to a number in the code, or already has docly.format wrapped, it does not need toHtml.
Task: Review the file and identify any instances of binding that lack this security mechanism (docly.toHtml).

Prompt (identify)

This HTML code uses JavaScript to bind values into HTML output. The syntax #expression# is used to insert values, for example from user input.
To prevent potential script injection attacks in HTML, you must use #docly.toHtml(expression)# to escape all HTML characters.
If a field that is bound is converted to a number in the code, or already has docly.format wrapped, it does not need toHtml.
Task: Review the file and identify any instances of binding that lack this security mechanism (docly.toHtml).

If there are no issues in the file, please respond only with the word "OK"; otherwise respond with "lineno: comment" in a comma-separated text response. No other comments.
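The rule the prompts describe can also be checked mechanically. The following is an added example, not part of the original page and not the docly project's own code: it models what an escaping helper like `docly.toHtml` does (the real helper's behaviour is assumed, not taken from the page) and scans a template for `#expression#` bindings that are not wrapped in `docly.toHtml`, `docly.format`, or an inline numeric conversion, reporting them in the "lineno: comment" format the identify prompt asks for. The sample template at the bottom is constructed for the demonstration.

```javascript
// Added example (not part of the original page, and not the docly project's own code):
// a small scanner for the #expression# binding syntax described in the prompt above.
// `docly.toHtml` is modelled here only to show what the escaping does; the real
// helper's behaviour is assumed, not taken from the page.

const docly = {
  // Escape the characters that can break out of HTML text and attribute contexts.
  toHtml(value) {
    const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
    return String(value).replace(/[&<>"']/g, (c) => map[c]);
  },
};

// Bindings the prompt treats as safe without docly.toHtml: already wrapped in
// docly.toHtml or docly.format, or converted to a number inline.
const SAFE_PATTERNS = [
  /^docly\.toHtml\(/,
  /^docly\.format\(/,
  /^(Number|parseInt|parseFloat)\(/,
  /^\+/, // unary plus coercion, e.g. #+user.age#
];

function isSafeBinding(expr) {
  return SAFE_PATTERNS.some((re) => re.test(expr.trim()));
}

// A binding is a pair of '#' on one line with no nested '#' or ';' between them;
// excluding ';' keeps CSS colour literals such as "#fff; color: #000" from matching.
const BINDING_RE = /#([^#;\n]+)#/g;

// Return every unescaped binding as { line, expr }, using 1-based line numbers.
function findUnescapedBindings(source) {
  const findings = [];
  source.split('\n').forEach((text, idx) => {
    for (const match of text.matchAll(BINDING_RE)) {
      const expr = match[1].trim();
      if (!isSafeBinding(expr)) {
        findings.push({ line: idx + 1, expr });
      }
    }
  });
  return findings;
}

// Produce the "lineno: comment" list the identify prompt asks for, or "OK".
function formatReport(findings) {
  if (findings.length === 0) return 'OK';
  return findings
    .map((f) => `${f.line}: binding #${f.expr}# lacks docly.toHtml`)
    .join(', ');
}

// Constructed sample template: lines 3 and 6 bind user-controlled text unescaped.
const SAMPLE_TEMPLATE = [
  '<div class="user">',
  '  <h1>#docly.toHtml(user.name)#</h1>',
  '  <p>#user.bio#</p>',
  '  <span>#Number(user.age)#</span>',
  '  <span>#docly.format(order.total)#</span>',
  '  <a title="#user.nick#">profile</a>',
  '</div>',
].join('\n');

console.log(formatReport(findUnescapedBindings(SAMPLE_TEMPLATE)));
// 3: binding #user.bio# lacks docly.toHtml, 6: binding #user.nick# lacks docly.toHtml
console.log(docly.toHtml('<b>Tom & Jerry</b>'));
// &lt;b&gt;Tom &amp; Jerry&lt;/b&gt;
```

The scanner only recognises conversions that are visible inside the binding itself. The prompt's exemption for a field "converted to a number in the code" can also be satisfied elsewhere in the file, which a regex cannot see; those cases still need the reviewer's (or the model's) judgement, so treat the scanner's output as a list of candidates to confirm rather than a final verdict.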