From: Roan Kattouw <roan.kattouw@gmail.com>
Date: Wed, 25 Oct 2017 09:09:05 +0000 (+0530)
Subject: RCFilters: HTML-escape tag names in filter capsules
X-Git-Tag: 1.31.0-rc.0~1627^2~1
X-Git-Url: http://git.cyclocoop.org/%22%20.%20generer_url_aide%28?a=commitdiff_plain;h=2cddc4dd54c2b03390ed3e3149b3d96de2b1168f;p=lhc%2Fweb%2Fwiklou.git

RCFilters: HTML-escape tag names in filter capsules

Bug: T178975
Change-Id: I9544a675fa2801bdb5d7de3ebd162a4214de740f
---

diff --git a/resources/src/mediawiki.rcfilters/dm/mw.rcfilters.dm.ItemModel.js b/resources/src/mediawiki.rcfilters/dm/mw.rcfilters.dm.ItemModel.js
index d940321342..2b5d020167 100644
--- a/resources/src/mediawiki.rcfilters/dm/mw.rcfilters.dm.ItemModel.js
+++ b/resources/src/mediawiki.rcfilters/dm/mw.rcfilters.dm.ItemModel.js
@@ -83,12 +83,13 @@
 	 * Get a prefixed label
 	 *
 	 * @param {boolean} inverted This item should be considered inverted
-	 * @return {string} Prefixed label
+	 * @return {string} Prefixed label (HTML)
 	 */
 	mw.rcfilters.dm.ItemModel.prototype.getPrefixedLabel = function ( inverted ) {
+		var escapedLabel = mw.html.escape( this.getLabel() );
 		if ( this.labelPrefixKey ) {
 			if ( typeof this.labelPrefixKey === 'string' ) {
-				return mw.message( this.labelPrefixKey, this.getLabel() ).parse();
+				return mw.message( this.labelPrefixKey, escapedLabel ).parse();
 			} else {
 				return mw.message(
 					this.labelPrefixKey[
@@ -97,11 +98,11 @@
 						inverted && this.isSelected() ?
 							'inverted' : 'default'
 					],
-					this.getLabel()
+					escapedLabel
 				).parse();
 			}
 		} else {
-			return this.getLabel();
+			return escapedLabel;
 		}
 	};