dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge "(bug 36938) XSS in uselang parameter"
[lhc/web/wiklou.git] / languages / Language.php
diff --git a/languages/Language.php b/languages/Language.php
index 5bb7762..85b9fab 100644 (file)
--- a/languages/Language.php
+++ b/languages/Language.php
@@ -3687,6 +3687,9 @@ class Language {
        /**
         * Get the RFC 3066 code for this language object
         *
+        * NOTE: The return value of this function is NOT HTML-safe and must be escaped with
+        * htmlspecialchars() or similar
+        *
         * @return string
         */
        public function getCode() {
@@ -3696,6 +3699,10 @@ class Language {
        /**
         * Get the code in Bcp47 format which we can use
         * inside of html lang="" tags.
+        *
+        * NOTE: The return value of this function is NOT HTML-safe and must be escaped with
+        * htmlspecialchars() or similar.
+        *
         * @since 1.19
         * @return string
         */
Wiklou, le Wiki du Wiklou