Prevents possible injection of "-->" and other HTML by extensions using
the ParserLimitReport hook.
bug: 46084
Change-Id: Id97b6668da6df3e5e4c0acefffa00c82cac3c44a
"Highest expansion depth: {$this->mHighestExpansionDepth}/{$this->mOptions->getMaxPPExpandDepth()}\n" .
$PFreport;
wfRunHooks( 'ParserLimitReport', array( $this, &$limitReport ) );
+
+ // Sanitize for comment. Note '‐' in the replacement is U+2010,
+ // which looks much like the problematic '-'.
+ $limitReport = str_replace( array( '-', '&' ), array( '‐', '&' ), $limitReport );
+
$text .= "\n<!-- \n$limitReport-->\n";
if ( $this->mGeneratedPPNodeCount > $this->mOptions->getMaxGeneratedPPNodeCount() / 10 ) {