From 59b37461ce6397320422149c181b23a37ba8e134 Mon Sep 17 00:00:00 2001
From: Neil Kandalgaonkar <neilk@users.mediawiki.org>
Date: Thu, 26 Jan 2012 02:15:04 +0000
Subject: [PATCH] sanitize outgoing messages

---
 includes/MessageBlobStore.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/includes/MessageBlobStore.php b/includes/MessageBlobStore.php
index be6b27c9ef..f3fc4d3366 100644
--- a/includes/MessageBlobStore.php
+++ b/includes/MessageBlobStore.php
@@ -350,7 +350,12 @@ class MessageBlobStore {
 		$messages = array();
 
 		foreach ( $module->getMessages() as $key ) {
-			$messages[$key] = wfMsgExt( $key, array( 'language' => $lang ) );
+			$messages[$key] =
+				Sanitizer::normalizeCharReferences(
+					Sanitizer::removeHTMLtags(
+						wfMsgExt( $key, array( 'language' => $lang ) )
+					)
+				);
 		}
 
 		return FormatJson::encode( (object)$messages );
-- 
2.20.1