pagetriage-welcome was not escaped or sanitized, because it was using raw HTML deliberately for links. However, this meant it didn't go through the sanitizer, so admins could have added other less friendly HTML.
Related Gerrit Patches:
|mediawiki/extensions/PageTriage : master||Fix unsanitized message|
|Open||None||T2212 Some MediaWiki: messages not safe in HTML (tracking)|
|Open||None||T85864 Special pages, actions and views whose messages don't escape text|
|Resolved||• Mattflaschen-WMF||T112469 Fix unsanitized message in PageTriage|