HomePhabricator

SECURITY: Unescaped message used in HTML within LogEventsList

Description

SECURITY: Unescaped message used in HTML within LogEventsList

  • Use options-messages instead of text() for messages used to build HTML multi-select field.
  • Clean up old FIXME conditional since T199657 has been resolved for over a year now.

CVE-2020-25815

Bug: T256171
Change-Id: Ib8f95f5510320f7fc2163625214c3c198be5941a

Details

Provenance
sbassettAuthored on Jun 23 2020, 7:44 PM
ReedyCommitted on Sep 24 2020, 1:30 PM
Parents
rMW358c1ec070d4: SECURITY: Escape messages used as keys on Special:Contributions
Branches
Unknown
Tags
Unknown
ChangeId
Ib8f95f5510320f7fc2163625214c3c198be5941a