HomePhabricator

Use msg->parse() instead of msg->text()

Description

Use msg->parse() instead of msg->text()

Per security review, we should use parse to mitigate the risk of
potentially dangerous HTML being added to the language files,
since parse will escape/sanitize the input.

Bug: T266513
Change-Id: I59ece57e7b0b95a9f6913377f2796436df614bef

Details

Provenance
AnneTAuthored on Apr 5 2021, 9:19 PM
Parents
rEMED6a1fac8e4301: Apply diff up to 7aab874136853735c03ece84a91e89c73a0014dd
Branches
Unknown
Tags
Unknown
References
refs/changes/30/677030/1
ChangeId
I59ece57e7b0b95a9f6913377f2796436df614bef