Revert r110045: well-meaning but broken attempt to apply preemptive XSS protection...
author Brion Vibber <brion@users.mediawiki.org>
Mon, 27 Feb 2012 21:52:33 +0000 (21:52 +0000)
committer Brion Vibber <brion@users.mediawiki.org>
Mon, 27 Feb 2012 21:52:33 +0000 (21:52 +0000)
This caused bug 34708: broke usage examples in WikiEditor which include <a href> or <img> tags as-is, which is perfectly legit HTML.

includes/MessageBlobStore.php

index f3fc4d3..be6b27c 100644 (file)
@@ -350,12 +350,7 @@ class MessageBlobStore {
                $messages = array();
 
                foreach ( $module->getMessages() as $key ) {
-                       $messages[$key] =
-                               Sanitizer::normalizeCharReferences(
-                                       Sanitizer::removeHTMLtags(
-                                               wfMsgExt( $key, array( 'language' => $lang ) )
-                                       )
-                               );
+                       $messages[$key] = wfMsgExt( $key, array( 'language' => $lang ) );
                }
 
                return FormatJson::encode( (object)$messages );
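
Review bot: The restored assignment `$messages[$key] = wfMsgExt( $key, array( 'language' => $lang ) );` has no comment saying that message text goes into the blob unsanitized on purpose, and that gap is what invites a later "preemptive" filter like the one being reverted. Add a short comment above the line stating that values are passed through as-is, because some messages legitimately contain tags such as <a href> or <img> (bug 34708), and that escaping belongs to whatever code renders the message. `FormatJson::encode` makes the value safe as JSON, not as HTML, so that consumer-side responsibility should be written down here.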