modify r40671, use Sanitizer::escapeHtmlAllowEntities instead to allow & and the like.

2024-11-15 18:29:27 +00:00 · 2008-09-09 20:14:14 +00:00 · 2008-09-09 20:14:14 +00:00 · c69b88dab7
parent 196385c1d4
commit c69b88dab7
1 changed files with 1 additions and 1 deletions
--- a/ImageMap_body.php
+++ b/ImageMap_body.php
@ -70,7 +70,7 @@ class ImageMap {
 				if ( wfIsBadImage( $imageTitle->getDBkey() , $parser->mTitle ) ) {
 					return self::error( 'imagemap_bad_image' );
 				}
-				$imageHTML = $parser->makeImage( $imageTitle, htmlspecialchars($options) );
+				$imageHTML = $parser->makeImage( $imageTitle, Sanitizer::escapeHtmlAllowEntities($options) );
 				$parser->mOutput->addImage( $imageTitle->getDBkey() );

 				$domDoc = new DOMDocument();