From 42d4f55cf65861d3c755c7abd1ad0d738395087e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gerg=C5=91=20Tisza?= <tgr.huwiki@gmail.com>
Date: Tue, 12 Nov 2024 21:49:00 +0100
Subject: [PATCH] Fix unescaped i18n message use in captcha label

Bug: T373732
Change-Id: Ib9079feead4bfe0f1fd2c832c6cabb6eb7149534
---
 includes/FancyCaptcha/HTMLFancyCaptchaField.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/includes/FancyCaptcha/HTMLFancyCaptchaField.php b/includes/FancyCaptcha/HTMLFancyCaptchaField.php
index 72e461f88..12b0227e8 100644
--- a/includes/FancyCaptcha/HTMLFancyCaptchaField.php
+++ b/includes/FancyCaptcha/HTMLFancyCaptchaField.php
@@ -89,8 +89,8 @@ class HTMLFancyCaptchaField extends HTMLFormField {
 	public function getLabel() {
 		// slight abuse of what getLabel() should mean; $mLabel is used for the pre-label text
 		// as the actual label is always the same
-		return $this->mParent->msg( 'captcha-label' )->text() . ' '
-			. $this->mParent->msg( 'fancycaptcha-captcha' )->text();
+		return $this->mParent->msg( 'captcha-label' )->escaped() . ' '
+			. $this->mParent->msg( 'fancycaptcha-captcha' )->escaped();
 	}
 
 	/** @inheritDoc */