that STDIN can be used for page list
* Sanitizer::decodeCharReferences() now decodes the XHTML "'" character
entity (loosely related to bug 14365)
-* Fix XSS in Special:Search with extended engine features ("did you mean")
=== API changes in 1.14 ===
}
/**
- * @return string highlighted suggested query, '' if none
+ * @return string HTML highlighted suggested query, '' if none
*/
function getSuggestionSnippet(){
return '';
$this->powerSearchOptions()
);
$suggestLink = $sk->makeKnownLinkObj( $st,
- htmlspecialchars( $textMatches->getSuggestionSnippet() ),
+ $textMatches->getSuggestionSnippet(),
$stParams );
$this->didYouMeanHtml = '<div class="searchdidyoumean">'.wfMsg('search-suggest',$suggestLink).'</div>';
$this->powerSearchOptions());
$suggestLink = $sk->makeKnownLinkObj( $st,
- htmlspecialchars( $textMatches->getSuggestionSnippet() ),
+ $textMatches->getSuggestionSnippet(),
$stParams );
$wgOut->addHTML('<div class="searchdidyoumean">'.wfMsg('search-suggest',$suggestLink).'</div>');