For example, see wikidata:Special:Diff/606650780. The edit summary
(Restore revision 597045630 by *Youngjin)
is rendered as
Restore revision 597045630 by
As I’m reporting this, Wikidata is on 1.31.0-wmf.11 (6d47031).
I have also reproduced this locally in “undo” edit messages. “rollback” messages, on the other hand, appear unaffected.
This only seems to happen on Wikibase entity pages.
I’m reporting this as a security issue because I feel like there might be a slight risk of an XSS vulnerability here (even though <script>alert('pwnd')</script> is not a valid username and would also presumably be escaped by the wikitext parser that is apparently applied being to these summaries).