Merge "Paranoia, escape image alignment parameters before outputting."

author jenkins-bot <jenkins-bot@gerrit.wikimedia.org>

Mon, 27 Aug 2018 19:10:41 +0000 (19:10 +0000)

committer Gerrit Code Review <gerrit@wikimedia.org>

Mon, 27 Aug 2018 19:10:41 +0000 (19:10 +0000)
author jenkins-bot <jenkins-bot@gerrit.wikimedia.org>
Mon, 27 Aug 2018 19:10:41 +0000 (19:10 +0000)
committer Gerrit Code Review <gerrit@wikimedia.org>
Mon, 27 Aug 2018 19:10:41 +0000 (19:10 +0000)
diff --git a/includes/Linker.php b/includes/Linker.php

index 08a5724..7e56522 100644 (file)
--- a/includes/Linker.php
+++ b/includes/Linker.php
@@ -431,7 +431,11 @@ class Linker {
                         $s = $thumb->toHtml( $params );
                 }
                 if ( $frameParams['align'] != '' ) {
-                       $s = "<div class=\"float{$frameParams['align']}\">{$s}</div>";
+                       $s = Html::rawElement(
+                               'div',
+                               [ 'class' => 'float' . $frameParams['align'] ],
+                               $s
+                       );
                 }
                 return str_replace( "\n", ' ', $prefix . $s . $postfix );
         }
author	jenkins-bot <jenkins-bot@gerrit.wikimedia.org>
	Mon, 27 Aug 2018 19:10:41 +0000 (19:10 +0000)
committer	Gerrit Code Review <gerrit@wikimedia.org>
	Mon, 27 Aug 2018 19:10:41 +0000 (19:10 +0000)