From 4ca460d3117c7e14a4427747bc7f67ea2bfc7b04 Mon Sep 17 00:00:00 2001
From: jly <jly@wikimedia.org>
Date: Thu, 24 Apr 2025 23:39:40 +0100
Subject: [PATCH] SECURITY: Escape i18n message in action FeaturedFeedChannel

Bug: T392279
---
 includes/FeaturedFeedChannel.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/includes/FeaturedFeedChannel.php b/includes/FeaturedFeedChannel.php
index 8cedb04..9be9505 100644
--- a/includes/FeaturedFeedChannel.php
+++ b/includes/FeaturedFeedChannel.php
@@ -147,9 +147,9 @@ class FeaturedFeedChannel {
 		if ( $this->title !== false ) {
 			return;
 		}
-		$this->title = $this->msg( $this->options['title'] )->text();
-		$this->shortTitle = $this->msg( $this->options['short-title'] )->text();
-		$this->description = $this->msg( $this->options['description'] )->text();
+		$this->title = $this->msg( $this->options['title'] )->escaped();
+		$this->shortTitle = $this->msg( $this->options['short-title'] )->escaped();
+		$this->description = $this->msg( $this->options['description'] )->escaped();
 		$pageMsg = $this->msg( $this->options['page'] )->params( $this->languageCode );
 		if ( $pageMsg->isDisabled() ) {
 			// fall back manually, messages can be existent but empty
-- 
2.48.1