From c60a5c4206a6b3b8e30aa87052e5f699e6281908 Mon Sep 17 00:00:00 2001
From: Lucas Werkmeister <lucas.werkmeister@wikimedia.de>
Date: Wed, 12 Feb 2025 11:29:35 +0100
Subject: [PATCH] SECURITY: Escape newpage message in FeedUtils

Bug: T386175
Change-Id: Ida72c4c03c379cf5a340b2f229f0fe842694559c
(cherry picked from commit 14205eb16d32439b745537906c1d37146b60793b)
---
 includes/Feed/FeedUtils.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/Feed/FeedUtils.php b/includes/Feed/FeedUtils.php
index c180da2ff5a..4896c5ca285 100644
--- a/includes/Feed/FeedUtils.php
+++ b/includes/Feed/FeedUtils.php
@@ -251,7 +251,7 @@ class FeedUtils {
 				$diffText = Html::rawElement(
 					'p',
 					[],
-					Html::rawElement( 'b', [], wfMessage( 'newpage' )->text() )
+					Html::element( 'b', [], wfMessage( 'newpage' )->text() )
 				);
 				$diffText .= Html::rawElement( 'div', [], $html );
 			}