Xml::option passed the first param to Html::element which escaped the
value, so no htmlspecialchars is needed for $show. The htmlspecialchar
moved closer to output, because the comparision does not need it
Bug: T85864
Change-Id: Ib8b948563095143de686756ceaf46c48cab2c5e0
} else {
list( $show, $value ) = explode( ":", $option );
}
- $show = htmlspecialchars( $show );
- $value = htmlspecialchars( $value );
$expiryFormOptions .= Xml::option(
$show,
- $value,
+ htmlspecialchars( $value ),
$this->mExpirySelection[$action] === $value
) . "\n";
}