From 3ab96bfcba9f3f4db75bdc1063d9d95b9c3ac232 Mon Sep 17 00:00:00 2001
From: grunny
Date: Tue, 1 Sep 2015 20:26:50 +1000
Subject: [PATCH] SECURITY: Encode history URL in review toolbar

Encode history URL in review toolbar and HTML escape for good measure.

Bug: T111029
---
 modules/ext.pageTriage.views.toolbar/ext.pageTriage.articleInfo.html | 2 +-
 modules/ext.pageTriage.views.toolbar/ext.pageTriage.articleInfo.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/ext.pageTriage.views.toolbar/ext.pageTriage.articleInfo.html b/modules/ext.pageTriage.views.toolbar/ext.pageTriage.articleInfo.html
index 9a57fd4..091cecb 100644
--- a/modules/ext.pageTriage.views.toolbar/ext.pageTriage.articleInfo.html
+++ b/modules/ext.pageTriage.views.toolbar/ext.pageTriage.articleInfo.html
@@ -52,7 +52,7 @@
 <%= mw.msg( 'pagetriage-info-history-header' ) %> <%= mw.msg( 'pagetriage-edits', rev_count ) %> ·
- <%= mw.msg( 'pagetriage-info-history-show-full' ) %>
+ <%= mw.message( 'pagetriage-info-history-show-full' ).escaped() %>
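Review bot: The two context lines directly above the changed line still emit `mw.msg( 'pagetriage-info-history-header' )` and `mw.msg( 'pagetriage-edits', rev_count )` through `<%= ... %>`, so only one of the three messages in this block is HTML-escaped. Assuming `<%=` interpolates without escaping in this template engine, the neighbours should follow the same pattern, e.g. `<%= mw.message( 'pagetriage-edits', rev_count ).escaped() %>`. The markup around these expressions, including the attribute that receives `history_link`, is not visible in the hunk as shown here, so it is worth confirming that the link value is also written with an escaping interpolation rather than a raw one.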
diff --git a/modules/ext.pageTriage.views.toolbar/ext.pageTriage.articleInfo.js b/modules/ext.pageTriage.views.toolbar/ext.pageTriage.articleInfo.js
index 03e8b23..fc62d17 100644
--- a/modules/ext.pageTriage.views.toolbar/ext.pageTriage.articleInfo.js
+++ b/modules/ext.pageTriage.views.toolbar/ext.pageTriage.articleInfo.js
@@ -20,7 +20,7 @@ $( function() {
 this.model.set( 'history_link', this.model.buildLink(
- mw.config.get( 'wgArticlePath' ).replace( '$1', mw.config.get( 'wgPageName' ) ),
+ mw.util.getUrl( mw.config.get( 'wgPageName' ) ),
 'action=history' ) );
-- 
1.9.1
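Review bot: The query part is still passed to `this.model.buildLink()` as the raw literal `'action=history'`, so whether the final `history_link` is well-formed depends on how that helper joins path and query, and its body is outside this hunk. If the targeted MediaWiki version supports the params argument, `mw.util.getUrl( mw.config.get( 'wgPageName' ), { action: 'history' } )` would build and encode the whole URL in one call. A short comment above the call, such as `// wgPageName is user-controlled; getUrl() percent-encodes it`, would keep a later refactor from reintroducing the raw `wgArticlePath` substitution. The enclosing `$( function() {` block starts and ends outside the hunk.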