From 13acf10eb1cbff480c731bd3d22f249d250885f2 Mon Sep 17 00:00:00 2001
From: Lucas Werkmeister <lucas.werkmeister@wikimedia.de>
Date: Tue, 22 Feb 2022 10:45:24 +0100
Subject: [PATCH] SECURITY: Also allow numbers

Bug: T302192
---
 includes/JCTabularContentView.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/includes/JCTabularContentView.php b/includes/JCTabularContentView.php
index 87bb231..93b8af0 100644
--- a/includes/JCTabularContentView.php
+++ b/includes/JCTabularContentView.php
@@ -133,7 +133,9 @@ public function valueToHtml(
 						$header['class'] = 'mw-tabular-value-null';
 						$column = '';
 					} else {
-						$column = is_string( $column ) ? htmlspecialchars( $column ) : '';
+						$column = is_string( $column ) || is_numeric( $column )
+							? htmlspecialchars( (string)$column )
+							: '';
 					}
 					$vals[] = Html::rawElement( 'td', $header, $column );
 				}
-- 
2.32.0