From: Brion Vibber <brion@users.mediawiki.org>
Date: Mon, 27 Feb 2012 21:52:33 +0000 (+0000)
Subject: Revert r110045: well-meaning but broken attempt to apply preemptive XSS protection... 
X-Git-Tag: 1.31.0-rc.0~24483
X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/password.php?a=commitdiff_plain;h=35f745de45ad3e0b24a4a3469c0951d04307f4b8;p=lhc%2Fweb%2Fwiklou.git

Revert r110045: well-meaning but broken attempt to apply preemptive XSS protection on messages

This caused bug 34708: broke usage examples in WikiEditor which include <a href> or <img> tags as-is, which is perfectly legit HTML.
---

diff --git a/includes/MessageBlobStore.php b/includes/MessageBlobStore.php
index f3fc4d3366..be6b27c9ef 100644
--- a/includes/MessageBlobStore.php
+++ b/includes/MessageBlobStore.php
@@ -350,12 +350,7 @@ class MessageBlobStore {
 		$messages = array();
 
 		foreach ( $module->getMessages() as $key ) {
-			$messages[$key] =
-				Sanitizer::normalizeCharReferences(
-					Sanitizer::removeHTMLtags(
-						wfMsgExt( $key, array( 'language' => $lang ) )
-					)
-				);
+			$messages[$key] = wfMsgExt( $key, array( 'language' => $lang ) );
 		}
 
 		return FormatJson::encode( (object)$messages );