Treat File::getShortDesc() as possibly unsafe HTML

File::getShortDesc() is documented to return HTML, but some handlers
return unescaped plain text.

Bug: T395834
Change-Id: I150f0215339b4ac18254fce2be138b1cde2277d5
(cherry picked from commit b2a9cc1564397e27fd80e44e99e1905fcbd10684)

includes/search/searchwidgets/FullSearchResultWidget.php

@@ -11,6 +11,7 @@ use MediaWiki\HookContainer\HookRunner;
 use MediaWiki\Html\Html;
 use MediaWiki\Linker\LinkRenderer;
 use MediaWiki\MainConfigNames;
+use MediaWiki\Parser\Sanitizer;
 use MediaWiki\Search\Entity\SearchResultThumbnail;
 use MediaWiki\Search\SearchResultThumbnailProvider;
 use MediaWiki\Specials\SpecialSearch;
@@ -317,9 +318,14 @@ class FullSearchResultWidget implements SearchResultWidget {
 			return [ $html, null, $this->generateThumbnailHtml( $result ) ];
 		}
 
+		// File::getShortDesc() is documented to return HTML, but many handlers used to incorrectly
+		// return plain text (T395834), so sanitize it in case the same bug is present in extensions.
+		$unsafeShortDesc = $img->getShortDesc();
+		$shortDesc = Sanitizer::removeSomeTags( $unsafeShortDesc );
+
 		return [
 			$html,
-			$this->specialPage->msg( 'parentheses' )->rawParams( $img->getShortDesc() )->escaped(),
+			$this->specialPage->msg( 'parentheses' )->rawParams( $shortDesc )->escaped(),
 			$this->generateThumbnailHtml( $result, $thumbnail )
 		];
 	}