From c794c13a012361803d59cd62f92f8384e3a00812 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gerg=C5=91=20Tisza?= <tgr.huwiki@gmail.com>
Date: Tue, 12 Nov 2024 21:49:00 +0100
Subject: [PATCH] Fix unescaped i18n message use in captcha label

Bug: T373732
Change-Id: Ib9079feead4bfe0f1fd2c832c6cabb6eb7149534
(cherry picked from commit 42d4f55cf65861d3c755c7abd1ad0d738395087e)
---
 FancyCaptcha/includes/HTMLFancyCaptchaField.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/FancyCaptcha/includes/HTMLFancyCaptchaField.php b/FancyCaptcha/includes/HTMLFancyCaptchaField.php
index cd075e5c1..54fe2ba3f 100644
--- a/FancyCaptcha/includes/HTMLFancyCaptchaField.php
+++ b/FancyCaptcha/includes/HTMLFancyCaptchaField.php
@@ -86,8 +86,8 @@ class HTMLFancyCaptchaField extends HTMLFormField {
 	public function getLabel() {
 		// slight abuse of what getLabel() should mean; $mLabel is used for the pre-label text
 		// as the actual label is always the same
-		return $this->mParent->msg( 'captcha-label' )->text() . ' '
-			. $this->mParent->msg( 'fancycaptcha-captcha' )->text();
+		return $this->mParent->msg( 'captcha-label' )->escaped() . ' '
+			. $this->mParent->msg( 'fancycaptcha-captcha' )->escaped();
 	}
 
 	/**