Don't double-escape the ellipses in Language::truncateForVisual()
It turns out this gets rid of a bunch of suppressed
"SecurityCheck-DoubleEscaped" that appear to have been accurate
warnings.
There seems to have been some confusion about how ::truncateForVisual()
is supposed to be used; in particular it is to be passed *unescaped*
output, because it is not (generally speaking) safe to truncate
HTML-escaped strings. The goal of ::truncateForVisual() is to have
a specific number of codepoints in the output for display purposes,
the encoding of those codepoints is not an issue (htmlspecialchars
can be applied to the *return value*.) If you need a specific number
of *bytes* you should be using ::truncateForDatabase(). If you want
a certain number of *HTML bytes* then the ::truncateHtml() method
is probably what you want.
Slightly refactor some code in RevDelLogItem to avoid a false positive.
Bug: T301205
Bug: T290624
Change-Id: I893362e049aedfa699043fcf27caf4815196f748
12 files changed: