From c531f49e15810e1021f55c43c5a1b259620e99d0 Mon Sep 17 00:00:00 2001
From: Dayllan Maza <dmaza@wikimedia.org>
Date: Fri, 16 May 2025 11:54:07 -0400
Subject: [PATCH] Security: Escape rawElement $content

Bug: T394396
Change-Id: I1ed54e4f063ec10d412c0db95b1bfed4a084b1d4
---
 includes/htmlform/fields/HTMLButtonField.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/includes/htmlform/fields/HTMLButtonField.php b/includes/htmlform/fields/HTMLButtonField.php
index 1a9340c2bb6..272951f2fc6 100644
--- a/includes/htmlform/fields/HTMLButtonField.php
+++ b/includes/htmlform/fields/HTMLButtonField.php
@@ -121,7 +121,7 @@ class HTMLButtonField extends HTMLFormField {
 
 	public function getInputCodex( $value, $hasErrors ) {
 		$flags = $this->mFlags;
-		$buttonLabel = $this->buttonLabel ?: htmlspecialchars( $this->getDefault() );
+		$buttonLabel = $this->buttonLabel ?: $this->getDefault();
 		$buttonClasses = [ 'mw-htmlform-submit', 'cdx-button', $this->mClass ];
 		$buttonAttribs = [
 			'class' => $buttonClasses,
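Review bot: After the changed assignment in getInputCodex(), `$buttonLabel` is unescaped text in both branches of the `?:`, and nothing in the hunk records that, so a later reader cannot tell that it must not be concatenated into markup. A short comment above the assignment would state the contract, e.g. `// Plain text, not HTML: escaped once where the <button> element is built.` Whether `$this->buttonLabel` can ever hold already-escaped or parsed HTML is not visible here; if it can, the escape added in the second hunk would double-encode it, so check where the property is set. The code between this hunk and the Html::rawElement() call in the second hunk (presumably where this value ends up) is outside the diff, so any other use of `$buttonLabel` on that path should be checked as well. The function body continues past the end of the hunk.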
@@ -170,7 +170,7 @@ class HTMLButtonField extends HTMLFormField {
 		$attribs['class'] = $buttonClassesAndFlags;
 
 		$buttonHtml = Html::rawElement(
-			'button', $attribs, $buttonLabel
+			'button', $attribs, htmlspecialchars( $buttonLabel )
 		);
 
 		return $buttonHtml;
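Review bot: The changed call keeps Html::rawElement() and escapes by hand, so the label stays safe only as long as that `htmlspecialchars()` remains in the argument list. `Html::element()` escapes its contents itself and makes the text-only intent explicit at the sink: `$buttonHtml = Html::element( 'button', $attribs, $buttonLabel );`. If raw HTML labels are meant to stay supported through some other option, that needs a separate, clearly named path rather than the raw call here. The enclosing function starts before this hunk and its closing brace lies after it.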
-- 
2.49.0

