Escape lang names and usernames

wikimedia / ToolforgeBundle

A Symfony 4 & 5 bundle that provides some common parts of web-based tools running on Wikimedia's Toolforge. Maintained by the Wikimedia Foundation's Community Tech team.

https://packagist.org/packages/wikimedia/toolforge-bundle

GNU General Public License v3.0

13 stars 4 forks source link

Escape lang names and usernames #28

Closed MusikAnimal closed 4 years ago

MusikAnimal commented 4 years ago

Language codes and names, along with usernames, should not contain HTML, so we should escape them in Twig.

Also use more descriptive variable name for declaring a Twig function as HTML-safe.

Bug: T239871

samwilson commented 4 years ago

I've released 0.18.0.