Escape extra input messages on Special:UserLogin/signup
author umherirrender <umherirrender_de.wp@web.de>
Thu, 29 Jan 2015 20:45:23 +0000 (21:45 +0100)
committer Umherirrender <umherirrender_de.wp@web.de>
Thu, 26 Feb 2015 05:49:22 +0000 (05:49 +0000)
TitleBlacklist and AntiSpoof can register extra input fields with their own
message; this message would now be escaped to avoid use of raw HTML.
Messages: 'titleblacklist-override' and 'antispoof-ignore'

The messages are now handled similarly to the checkbox 'createaccountmail'

Bug: T85864
Change-Id: I14326c3844904560b66eb8e8eb7d36706caa47da

includes/templates/Usercreate.php

index 43bab0e..dc9da63 100644 (file)
@@ -218,7 +218,7 @@ class UsercreateTemplate extends BaseTemplate {
                                                                                echo 'checked="checked"';
                                                                        } ?>
                                                                ><label for="<?php echo htmlspecialchars( $inputItem['name'] ); ?>">
-                                                                       <?php $this->msgHtml( $inputItem['msg'] ); ?>
+                                                                       <?php $this->msg( $inputItem['msg'] ); ?>
                                                                </label>
                                                        </div>
                                                <?php
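Review bot: The label line that now calls `$this->msg( $inputItem['msg'] )` needs a release note and a documentation line for extensions, because any wiki that customized 'titleblacklist-override' or 'antispoof-ignore' with markup will see that markup printed literally after this change. Please state wherever extra input fields are documented that 'msg' is rendered as escaped plain text. This hunk touches only the checkbox label, so also confirm that no other branch of the template still passes `$inputItem['msg']` to `msgHtml()`. A regression test that renders the form with a message containing a tag and asserts that the tag appears escaped would keep this from slipping back.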