15:29:22 SimpleCaptcha/SimpleCaptcha.php:879 SecurityCheck-DoubleEscaped Calling method \RawMessage::__construct() in \SimpleCaptcha::confirmEditMerged that outputs using tainted argument #1. (Caused by: ../../includes/RawMessage.php +54; ../../includes/language/Message.php +991) (Caused by: Builtin-\Html::element)
Seen on an unrelated patch touching this repo