The following errors show up in the logs when ProofreadPage CI is run:
includes/Parser/PagelistTagParser.php:111 SecurityCheck-XSS Calling method \HtmlArmor::__construct() in \ProofreadPage\Parser\PagelistTagParser::render that outputs using tainted argument #1 (`$pageNumberExpression`). (Caused by: Builtin-\HtmlArmor::__construct) (Caused by: includes/Parser/PagelistTagParser.php +92; includes/Pagination/PageNumber.php +87; ../../includes/language/Language.php +3171; ../../includes/language/Language.php +3026; Builtin-\Message::text; includes/Pagination/PageNumber.php +89) (Param is raw)

12:26:42 includes/ProofreadPage.php:165 SecurityCheck-XSS Outputting user controlled HTML from Parser tag hook \closure_e7e7e461b462 (Caused by: includes/Parser/PagelistTagParser.php +122; includes/Parser/PagelistTagParser.php +115; includes/Parser/PagelistTagParser.php +92; includes/Pagination/PageNumber.php +87; ../../includes/language/Language.php +3171; ../../includes/language/Language.php +3026; Builtin-\Message::text; includes/Pagination/PageNumber.php +89; ../../includes/Html/Html.php +240)

Filing this under a security issue in case this turns out to be legitimate.