From f5593ae3a90a81e5ffe401b0f1f68f4aea2de6e5 Mon Sep 17 00:00:00 2001
From: Dreamy Jazz <wpgbrown@wikimedia.org>
Date: Mon, 19 May 2025 17:34:03 +0100
Subject: [PATCH] SECURITY: Fix i18n XSS in PreliminaryCheckPager

Why:
* Special:Investigate has an 'Account information' tab which is
  currently vulnerable to i18n XSS through the
  'checkuser-investigate-preliminary-table-cell-wiki-nowiki'
  and 'rev-deleted-user' messages.
* These vectors should be fixed.

What:
* Properly escape the above noted messages in PreliminaryCheckPager

Bug: T394700
Change-Id: I777fc55fef15c3b00df0db268af2b64cb2d6e381
---
 src/Investigate/Pagers/PreliminaryCheckPager.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Investigate/Pagers/PreliminaryCheckPager.php b/src/Investigate/Pagers/PreliminaryCheckPager.php
index 789c7cc5..e19dde20 100644
--- a/src/Investigate/Pagers/PreliminaryCheckPager.php
+++ b/src/Investigate/Pagers/PreliminaryCheckPager.php
@@ -139,7 +139,7 @@ class PreliminaryCheckPager extends TablePager {
 			case 'name':
 				// Hide the username if it is hidden from the current authority.
 				if ( $userIsHidden ) {
-					$formatted = $this->msg( 'rev-deleted-user' )->text();
+					$formatted = $this->msg( 'rev-deleted-user' )->escaped();
 				} else {
 					$formatted = htmlspecialchars( $value );
 				}
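Review bot: The visible lines carry no comment recording that `$formatted` is evidently emitted as raw HTML, which is why `->text()` was unsafe in this `name` case and again in the `wiki` case of the second hunk. A comment above the switch would keep later branches from reintroducing `->text()`, for example `// $formatted is output unescaped: assign only ->escaped() message output, htmlspecialchars() results, or HTML built by an escaping helper`. The switch and its enclosing method start and end outside the hunk, so the remaining cases (for example `editcount`) should be checked for the same pattern.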
@@ -164,7 +164,7 @@ class PreliminaryCheckPager extends TablePager {
 						$wiki->getDisplayName()
 					);
 				} else {
-					$formatted = $this->msg( 'checkuser-investigate-preliminary-table-cell-wiki-nowiki' )->text();
+					$formatted = $this->msg( 'checkuser-investigate-preliminary-table-cell-wiki-nowiki' )->escaped();
 				}
 				break;
 			case 'editcount':
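Review bot: The `if` branch of the `wiki` case still passes `$wiki->getDisplayName()` to a call whose opening lies above the hunk, so its escaping cannot be confirmed from these lines. If that call treats the argument as text content and escapes it, nothing more is needed. If it expects raw HTML, the argument should be wrapped as `htmlspecialchars( $wiki->getDisplayName() )`, matching the `name` case.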
-- 
2.34.1

