$value = array_shift( $params );
}
- if ( $value instanceof RawMessage ) {
- $message = new RawMessage( $value->getKey(), $value->getParams() );
+ if ( $value instanceof Message ) { // Message, RawMessage, ApiMessage, etc
+ $message = clone( $value );
} elseif ( $value instanceof MessageSpecifier ) {
$message = new Message( $value );
} elseif ( is_string( $value ) ) {
$string = $this->fetchMessage();
if ( $string === false ) {
- if ( $this->format === 'plain' || $this->format === 'text' ) {
- return '<' . $this->key . '>';
- }
- return '<' . htmlspecialchars( $this->key ) . '>';
+ // Err on the side of safety, ensure that the output
+ // is always html safe in the event the message key is
+ // missing, since in that case its highly likely the
+ // message key is user-controlled.
+ // '⧼' is used instead of '<' to side-step any
+ // double-escaping issues.
+ return '⧼' . htmlspecialchars( $this->key ) . '⧽';
}
# Replace $* with a list of parameters for &uselang=qqx.