SECURITY: Parse messages instead of inserting them as HTML

CVE-2025-61640 This fixes a stored i18n XSS vulnerability in Special:RecentChangesLinked. Bug: T402075 Change-Id: I94d89e3f14920122cfd2f949850027122d1e2b6b
2025-08-16 10:43:02 +02:00 · 2025-08-16 10:43:02 +02:00 · d2d60515fb
commit d2d60515fb
parent 5f21cc528e
1 changed files with 2 additions and 2 deletions
--- a/resources/src/mediawiki.rcfilters/ui/RclToOrFromWidget.js
+++ b/resources/src/mediawiki.rcfilters/ui/RclToOrFromWidget.js
@ -17,11 +17,11 @@ const RclToOrFromWidget = function MwRcfiltersUiRclToOrFromWidget(

 	this.showLinkedFrom = new OO.ui.MenuOptionWidget( {
 		data: 'from', // default (showlinkedto=0)
-		label: new OO.ui.HtmlSnippet( mw.msg( 'rcfilters-filter-showlinkedfrom-option-label' ) )
+		label: new OO.ui.HtmlSnippet( mw.message( 'rcfilters-filter-showlinkedfrom-option-label' ).parse() )
 	} );
 	this.showLinkedTo = new OO.ui.MenuOptionWidget( {
 		data: 'to', // showlinkedto=1
-		label: new OO.ui.HtmlSnippet( mw.msg( 'rcfilters-filter-showlinkedto-option-label' ) )
+		label: new OO.ui.HtmlSnippet( mw.message( 'rcfilters-filter-showlinkedto-option-label' ).parse() )
 	} );

 	// Parent