Authored By
SomeRandomDeveloper
Aug 17 2025, 9:16 PM
Size
1 KB
Referenced Files
None
Subscribers
None

T402146.patch

From 9d01a88dfc3a5e9ca2ed87e9898b5af8e7e3ec9b Mon Sep 17 00:00:00 2001
From: SomeRandomDeveloper <thisisnotmyname275@gmail.com>
Date: Sun, 17 Aug 2025 23:15:32 +0200
Subject: [PATCH] SECURITY: Escape system messages before inserting them into
HTML
This fixes a stored i18n XSS vulnerability.
Bug: T402146
Change-Id: I91bba2b570643ef74e6c210e7250e05cd2aa388e
---
modules/ext.advancedSearch.defaultFields.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/ext.advancedSearch.defaultFields.js b/modules/ext.advancedSearch.defaultFields.js
index 7eb323c..7ff8ae6 100644
--- a/modules/ext.advancedSearch.defaultFields.js
+++ b/modules/ext.advancedSearch.defaultFields.js
@@ -92,7 +92,7 @@ const getOptionHelpMessage = function ( id ) {
// * advancedsearch-field-plain
// * advancedsearch-field-sort
// * advancedsearch-field-subpageof
- const head = mw.msg( 'advancedsearch-field-' + id );
+ const head = mw.message( 'advancedsearch-field-' + id ).escaped();
return new OO.ui.HtmlSnippet( '<h6 class="mw-advancedSearch-tooltip-head">' + head + '</h6>' +
'<div class="mw-advancedSearch-tooltip-body">' + message + '</div>' );
};
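Review bot: the hunk escapes `head`, but the same `OO.ui.HtmlSnippet` string concatenation on the following context line also inserts `message` (`'<div class="mw-advancedSearch-tooltip-body">' + message + '</div>'`), and nothing in this hunk shows how `message` is produced; if it is also taken from `mw.msg()` it needs the same `mw.message( ... ).escaped()` treatment, otherwise the stored i18n XSS described in the commit message is still reachable through the tooltip body. A one-line comment above the new `escaped()` call stating that the message text is interpolated into raw HTML would also help keep a later refactor from switching it back to `mw.msg()`.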
--
2.50.1
