This change moves the responsibility for the HTML escaping of the
parameter 'text' from users of the hook to the HTML generator.
The extension VisualEditor already doesn't make an HTML escaping:
https://gerrit.wikimedia.org/g/mediawiki/extensions/VisualEditor/+/
950fee47bf0195a8f2ef552600e45dbd4d3c1a5b/includes/VisualEditorHooks.php#596
https://gerrit.wikimedia.org/g/mediawiki/extensions/VisualEditor/+/
950fee47bf0195a8f2ef552600e45dbd4d3c1a5b/includes/VisualEditorHooks.php#611
The HTML escaping in extension TineMCE
https://gerrit.wikimedia.org/g/mediawiki/extensions/TinyMCE/+/
5f48eb9acd19062a5d6e731ef34b93ef62d3e730/TinyMCE.hooks.php#287
get removed by I8c0cae19e6c6cf95ff9b23e1f2e61be4c6c46b3f.
Change-Id: Ifdd76172bfd7dc0d370bf69705f2e6a0e1c7511c
$links = [
'editsection' => [
- 'text' => $this->msg( 'editsection' )->inLanguage( $lang )->escaped(),
+ 'text' => $this->msg( 'editsection' )->inLanguage( $lang )->text(),
'targetTitle' => $nt,
'attribs' => $attribs,
'query' => [ 'action' => 'edit', 'section' => $section ],
foreach ( $links as $k => $linkDetails ) {
$linksHtml[] = Linker::link(
$linkDetails['targetTitle'],
- $linkDetails['text'],
+ htmlspecialchars( $linkDetails['text'] ),
$linkDetails['attribs'],
$linkDetails['query'],
$linkDetails['options']