From b3566711ed037c52558829d2e0e6949293f2934b Mon Sep 17 00:00:00 2001 From: Kunal Mehta Date: Fri, 20 Aug 2021 16:41:18 -0700 Subject: [PATCH] SECURITY: Fix message escaping in SecurePollLogPager Bug: T289385 Change-Id: I4f04083cd00884d3b85245460774c81c7639a578 --- includes/SecurePollLogPager.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/includes/SecurePollLogPager.php b/includes/SecurePollLogPager.php index 6105767..2e32916 100644 --- a/includes/SecurePollLogPager.php +++ b/includes/SecurePollLogPager.php @@ -149,6 +149,7 @@ class SecurePollLogPager extends ReverseChronologicalPager { $userLink = Linker::userLink( $user->getId(), $user->getName() ); $election = $this->context->getElection( $row->spl_election_id ); + // TODO: this is double escaped $electionTitle = htmlspecialchars( $election->title ); $messageParams = [ @@ -167,7 +168,7 @@ class SecurePollLogPager extends ReverseChronologicalPager { $messageParams )->text(); - return HTML::rawElement( 'li', [], $message ); + return Html::element( 'li', [], $message ); } /** @@ -188,6 +189,6 @@ class SecurePollLogPager extends ReverseChronologicalPager { * @inheritDoc */ public function getEmptyBody() { - return HTML::rawElement( 'p', [], $this->msg( 'securepoll-log-empty' )->text() ); + return Html::element( 'p', [], $this->msg( 'securepoll-log-empty' )->text() ); } } -- 2.31.1
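Review bot: The `htmlspecialchars()` call on `$election->title` in the first hunk should be removed rather than tagged with a TODO, because the return statement changed in the second hunk now sends the finished message through `Html::element`, which escapes it a second time, so a title containing `&` or `<` is displayed with visible entities. If `$electionTitle` is used only as a message parameter (the body of `$messageParams` lies outside the hunk, so this needs checking), the line can become `$electionTitle = $election->title;` and the TODO can go. If the call has to stay for now, the comment should say where the second escape happens, for example `// TODO: double escaped, Html::element() in the return below escapes the whole message again`. Escaping once, at the point of output, keeps the fix safe without garbling titles.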
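Review bot: `Html::element( 'li', [], $message )` in the second hunk escapes everything in `$message`, including HTML passed in as a parameter; `$userLink` in the first hunk is built by `Linker::userLink()`, so if it is one of the `$messageParams` (the array body is outside the hunk) the log row will show the anchor markup as literal text. That is the safe failure mode, but it invites a later "fix" back to `rawElement`, which would reintroduce the unescaped output this commit removes. The durable form keeps the escaping context per parameter: pass trusted HTML with `->rawParams( $userLink )`, pass the title and other text as ordinary parameters, end the chain with `->escaped()` and only then use `Html::rawElement`. A regression test that renders a row whose election title contains `<` and `&` would pin the behaviour. The `$this->msg(` call starts above the hunk, so its key and parameter order need checking before it is rewritten.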