From d2d60515fb535f2e4cba949cc424bd96ead7ea79 Mon Sep 17 00:00:00 2001
From: SomeRandomDeveloper
Date: Sat, 16 Aug 2025 10:43:02 +0200
Subject: [PATCH] SECURITY: Parse messages instead of inserting them as HTML CVE-2025-61640 This fixes a stored i18n XSS vulnerability in Special:RecentChangesLinked.
Bug: T402075
Change-Id: I94d89e3f14920122cfd2f949850027122d1e2b6b
---
 resources/src/mediawiki.rcfilters/ui/RclToOrFromWidget.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/resources/src/mediawiki.rcfilters/ui/RclToOrFromWidget.js b/resources/src/mediawiki.rcfilters/ui/RclToOrFromWidget.js
index a13dc6b142d..41607859f73 100644
--- a/resources/src/mediawiki.rcfilters/ui/RclToOrFromWidget.js
+++ b/resources/src/mediawiki.rcfilters/ui/RclToOrFromWidget.js
@@ -17,11 +17,11 @@ const RclToOrFromWidget = function MwRcfiltersUiRclToOrFromWidget(
 this.showLinkedFrom = new OO.ui.MenuOptionWidget( {
 data: 'from', // default (showlinkedto=0)
- label: new OO.ui.HtmlSnippet( mw.msg( 'rcfilters-filter-showlinkedfrom-option-label' ) )
+ label: new OO.ui.HtmlSnippet( mw.message( 'rcfilters-filter-showlinkedfrom-option-label' ).parse() )
 } );
 this.showLinkedTo = new OO.ui.MenuOptionWidget( {
 data: 'to', // showlinkedto=1
- label: new OO.ui.HtmlSnippet( mw.msg( 'rcfilters-filter-showlinkedto-option-label' ) )
+ label: new OO.ui.HtmlSnippet( mw.message( 'rcfilters-filter-showlinkedto-option-label' ).parse() )
 } );
 // Parent
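Review bot: Both new `label:` lines still wrap the message in `OO.ui.HtmlSnippet`, so the fix is only as safe as the HTML that `.parse()` returns. As far as I know, `mw.message( … ).parse()` escapes raw HTML only when `mediawiki.jqueryMsg` is loaded, and falls back to the unescaped text otherwise. The hunk does not show the module definition, so please confirm this ResourceLoader module declares that dependency. A comment above each label would record the constraint for the next editor, for example `// .parse() escapes raw HTML in the (user-editable) message; requires mediawiki.jqueryMsg`. If these two labels never need markup, passing the plain string (`label: mw.msg( 'rcfilters-filter-showlinkedfrom-option-label' )`) without `HtmlSnippet` removes the HTML sink entirely, since OOUI renders string labels as text. The constructor body starts before and continues after this hunk, so other `HtmlSnippet( mw.msg( … ) )` uses may exist outside the visible lines.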