After T229541 was reported and resolved, I checked [[ https://www.mediawiki.org/wiki/Extension:MobileFrontend | MobileFrontend ]] for more instances of `Sanitizer::stripAllTags()` and found another one in [[ https://gerrit.wikimedia.org/g/mediawiki/extensions/MobileFrontend/+/737fda853af38fbc3bc62f964af606d7033ebc65/includes/specials/SpecialMobileWatchlist.php#391 | `includes/specials/SpecialMobileWatchlist.php` ]] and confirmed it also renders an XSS.
**Steps to reproduce:**
# Create a test page or edit any wiki page
# Enter some JavaScript within the edit summary field, e.g. `<script>alert('xss')</script>`
# Add this page to your watchlist
# Visit the mobile version of your watchlist, e.g. https://en.m.wikipedia.org/w/index.php?title=Special:Watchlist&watchlistview=feed&filter=all
**n.b.** there are a few more calls to `Sanitizer::stripAllTags` [[ https://codesearch.wmflabs.org/extensions/?q=Sanitizer%3A%3AstripAllTags&i=nope&files=&repos= | within other extensions ]] and it's probably worth auditing these. I think we're also hoping to catch more issues like this by [[ https://gerrit.wikimedia.org/r/c/mediawiki/core/+/530009 | setting `Sanitizer::stripAllTags`' `@return-taint` to tainted ]] for phan-taint-check.
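An added illustration, not part of the original report and not MobileFrontend or MediaWiki code: why a string that has had its tags stripped still needs escaping when it is written into HTML. `stripTagsToPlainText()` is a hypothetical, simplified stand-in that assumes the helper decodes character references while producing plain text; the sample summary and the `comment` class name are constructed.

```php
<?php
// Hypothetical, simplified stand-in for a "strip tags, return plain text"
// helper. It is NOT MediaWiki's Sanitizer implementation.
function stripTagsToPlainText(string $html): string {
    // Remove anything that looks like a tag.
    $noTags = preg_replace('/<[^>]*>/', '', $html);
    // Assumption: the helper returns plain text, so entities are decoded
    // and "&lt;" turns back into a literal "<".
    return html_entity_decode($noTags, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern: the plain-text result is treated as if it were HTML.
function renderCommentUnsafe(string $formattedSummary): string {
    return '<p class="comment">' . stripTagsToPlainText($formattedSummary) . '</p>';
}

// Hardened pattern: the plain-text result is escaped at the point of output.
function renderCommentSafe(string $formattedSummary): string {
    $plain = stripTagsToPlainText($formattedSummary);
    return '<p class="comment">' . htmlspecialchars($plain, ENT_QUOTES, 'UTF-8') . '</p>';
}

// Constructed sample: an edit summary that an earlier formatting step has
// already HTML-escaped and wrapped in markup.
$formattedSummary =
    '<span class="comment">&lt;script&gt;alert(\'xss\')&lt;/script&gt;</span>';

$unsafe = renderCommentUnsafe($formattedSummary);
$safe   = renderCommentSafe($formattedSummary);

// Stripping removed the wrapper tags, but decoding re-created a live element.
var_dump(strpos($unsafe, '<script>') !== false);
// After escaping, the summary is inert text again.
var_dump(strpos($safe, '<script>') === false);

echo $unsafe, PHP_EOL, $safe, PHP_EOL;
```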