From 376bcd30eeaf17b64d8b2e53b9ccb44232ea7692 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bartosz=20Dziewo=C5=84ski?= <matma.rex@gmail.com>
Date: Mon, 3 Sep 2018 21:21:42 +0200
Subject: [PATCH] SpecialPreferences: Escape HTML in tab titles in legacy form

They shouldn't intentionally contain HTML (except by abuse of
PreferencesGetLegend hook), and other than trivial formatting,
it wouldn't display correctly because they are styled as links.

It is already being escaped in OOUI form.

Change-Id: I303afe92fcb0208d1a2b040321866c0c95f27aa9
---
 includes/specials/SpecialPreferences.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/specials/SpecialPreferences.php b/includes/specials/SpecialPreferences.php
index 0490cbbfce..08b33c1310 100644
--- a/includes/specials/SpecialPreferences.php
+++ b/includes/specials/SpecialPreferences.php
@@ -130,7 +130,7 @@ class SpecialPreferences extends SpecialPage {
 						'role' => 'presentation',
 						'class' => ( $key === 'personal' ) ? 'selected' : null
 					],
-					Html::rawElement( 'a',
+					Html::element( 'a',
 						[
 							'id' => 'preftab-' . $key,
 							'role' => 'tab',
-- 
2.20.1