Diffstat (limited to 'includes/SkinTemplate.php')
-rw-r--r-- | includes/SkinTemplate.php | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/includes/SkinTemplate.php b/includes/SkinTemplate.php
index e41b5e7d..2dd00980 100644
--- a/includes/SkinTemplate.php
+++ b/includes/SkinTemplate.php
@@ -298,7 +298,11 @@ class SkinTemplate extends Skin {
 $tpl->set( 'specialpageattributes', '' ); # obsolete
 if ( $userlang !== $wgContLang->getHtmlCode() || $userdir !== $wgContLang->getDir() ) {
- $attrs = " lang='$userlang' dir='$userdir'";
+ $escUserlang = htmlspecialchars( $userlang );
+ $escUserdir = htmlspecialchars( $userdir );
+ // Attributes must be in double quotes because htmlspecialchars() doesn't
+ // escape single quotes
+ $attrs = " lang=\"$escUserlang\" dir=\"$escUserdir\"";
 $tpl->set( 'userlangattributes', $attrs );
 } |
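Review bot: The escaping on the two added `htmlspecialchars()` lines is safe only because the `$attrs` line uses double-quoted attributes and the function's default flags, so a later change of quote style would silently reopen the attribute injection. Passing the flag explicitly, `htmlspecialchars( $userlang, ENT_QUOTES )` and likewise for `$userdir`, removes that coupling. Building the string with MediaWiki's `Html::expandAttributes( array( 'lang' => $userlang, 'dir' => $userdir ) )` would achieve the same through the shared helper, assuming it is available on this branch. Where `$userlang` and `$userdir` are assigned is outside the hunk, so it is worth checking whether the same values reach other template variables unescaped. The enclosing method starts and ends outside the hunk.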