Brian Wolff has uploaded a new change for review. https://gerrit.wikimedia.org/r/294228
Change subject: Fix XSS in extension ...................................................................... Fix XSS in extension Bug: T133511 Change-Id: I98ead6364dd148838842ac92d025b61a448b3f20 --- M MsCalendar.body.php 1 file changed, 2 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/MsCalendar refs/changes/28/294228/1 diff --git a/MsCalendar.body.php b/MsCalendar.body.php index b069fbc..386f188 100644 --- a/MsCalendar.body.php +++ b/MsCalendar.body.php @@ -60,9 +60,9 @@ $output .= '<span class="ms-calendar-year-year"><span class="ms-calendar-year"></span></span>'; $output .= '<span class="ms-calendar-next-year">❯</span>'; $output .= '</div>'; - $output .= '<span class="ms-calendar-current" title="' . wfMessage( 'msc-todaylabel' ) . '">' . wfMessage( 'msc-today' ) . '</span>'; + $output .= '<span class="ms-calendar-current" title="' . wfMessage( 'msc-todaylabel' )->escaped() . '">' . wfMessage( 'msc-today' )->parse() . '</span>'; $output .= '</div>'; - $output .= '<div class="fc-calendar-container" data-calendar-id="' . $id . '" data-calendar-name="' . $name . '" data-calendar-sort="' . $sort . '"></div>'; + $output .= '<div class="fc-calendar-container" data-calendar-id="' . htmlspecialchars( $id ) . '" data-calendar-name="' . htmlspecialchars( $name ) . '" data-calendar-sort="' . htmlspecialchars( $sort ) . '"></div>'; return $output; } -- To view, visit https://gerrit.wikimedia.org/r/294228 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I98ead6364dd148838842ac92d025b61a448b3f20 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/MsCalendar Gerrit-Branch: master Gerrit-Owner: Brian Wolff <bawolff...@gmail.com> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
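Review bot: on the `fc-calendar-container` line, the three `data-calendar-*` attributes are still assembled by string concatenation, with escaping applied value by value through `htmlspecialchars()`. That is correct for these double-quoted attributes, but building the element with `Html::element( 'div', [ ... ] )` would escape every attribute by construction, so a later edit that adds another attribute cannot reintroduce the problem by forgetting a call. On the `ms-calendar-current` line, the title uses `wfMessage( 'msc-todaylabel' )->escaped()` while the visible label uses `wfMessage( 'msc-today' )->parse()`, which permits wikitext in the message. If the label is meant to be plain text, `->escaped()` would be the narrower choice; if wikitext is intended, say so in the commit message, which currently reads only "Fix XSS in extension" and does not name which outputs were unescaped.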