From d9c3124da49089fdd8f6f7951d3f0a2921bea628 Mon Sep 17 00:00:00 2001
From: SomeRandomDeveloper <thisisnotmyname275@gmail.com>
Date: Mon, 2 Jun 2025 16:29:52 -0500
Subject: [PATCH] SECURITY: Properly escape the quiz-ignore-coef system message

Bug: T394612
Change-Id: I22c16616b8c502342517475683575a0220451fb3
---
 templates/Setting.mustache | 2 +-
 tests/phpunit/QuizTest.php | 5 ++---
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/templates/Setting.mustache b/templates/Setting.mustache
index 3c8cf54..b18106c 100644
--- a/templates/Setting.mustache
+++ b/templates/Setting.mustache
@@ -31,7 +31,7 @@
 {{# isSettingOtherRow}}
 	<tr>
 	{{# notSimple}}
-		<td><label for="ignoringCoef">{{{ wfMessage.quiz_ignoreCoef }}}</label></td>
+		<td><label for="ignoringCoef">{{ wfMessage.quiz_ignoreCoef }}</label></td>
 		<td><input type="checkbox" name="ignoringCoef" id="ignoringCoef" {{{ checked }}}/></td>
 	{{/ notSimple}}
 	{{# corrected}}
diff --git a/tests/phpunit/QuizTest.php b/tests/phpunit/QuizTest.php
index cea2d9b..57b52b3 100644
--- a/tests/phpunit/QuizTest.php
+++ b/tests/phpunit/QuizTest.php
@@ -84,7 +84,7 @@ class QuizTest extends QuizTestCase {
 			 . "\n\t\t" . '<td><input class="numerical" type="number" ' .
 			 'name="cutoffPoints" id="cutoffPoints" value="-1"/></td>' . "\n\t" .
 			 '</tr>' . "\n\t" . '<tr>' . "\n\t\t" . '<td><label for="ignoringCoef">'
-			 . 'Ignore the questions' . "'" . ' coefficients:</label></td>'
+			 . 'Ignore the questions&#039; coefficients:</label></td>'
 			 . "\n\t\t" . '<td><input type="checkbox" name="ignoringCoef" id="ignoringCoef" ' .
 			 'checked="checked"/></td>' . "\n\t" .
 			 '</tr>' . "\n\t" . '<tr>' . "\n\t\t\t\t\t"
@@ -107,8 +107,7 @@ class QuizTest extends QuizTestCase {
 			 ' value="0"/></td>' . "\n\t\t" . '<td class="margin incorrect"></td>' . "\n\t\t"
 			 . '<td style="background: transparent;">Incorrect</td>' . "\n\t" . '</tr>'
 			 . "\n\t" . '<tr>' . "\n\t\t" .
-			 '<td><label for="ignoringCoef">Ignore the questions'
-			 . "'" . ' coefficients:</label></td>'
+			 '<td><label for="ignoringCoef">Ignore the questions&#039; coefficients:</label></td>'
 			 . "\n\t\t" . '<td><input type="checkbox" name="ignoringCoef" id="ignoringCoef"' .
 			 ' checked="checked"/></td>' . "\n\t\t" .
 			 '<td class="margin NA"></td>' . "\n\t\t" .
-- 
2.49.0