Manual talk:Messages API

Part about HTML In JavaScript does not make sense
I realize we have to avoid HTML injection, but the advice given here is not practical. It will cause the HTML to be displayed as HTML, which is rarely what you want.

For example, MediaWiki:stub-threshold is a totally straightforward HTML message with no variables or parser logic. I see no route for injection (the MediaWiki namespace must be restricted to trusted users for many reasons, MediaWiki:Common.js being just one).

Suppose for whatever reason I have to display it using JS. None of the advice works: on the screen.
 * .text will obviously render it as text (this is true regardless of the input)
 * The next two points advise using .escaped. As it sounds, this will escape it, so you actually see:

Also, there is no option that parses wikitext to HTML in mw.message, so it can't handle things like MediaWiki:statistics-users (a trivial wikitext message with a link but no variables or PLURAL/GRAMMAR logic).

I'm going to make this more useful, but I'm not dead-set on my wording. In many cases, people are going to have to use plain or parse, but I will keep a note of warning for when it is used with variables. Superm401 - Talk 00:33, 29 December 2012 (UTC)
 * jqueryMsg has more client-side parsing, and I'm working on a patch to implement wikilink parsing (bug 43498). Superm401 - Talk 06:43, 29 December 2012 (UTC)
 * Doesn't this work against 212? --Nemo 10:47, 29 December 2012 (UTC)
 * There are two separate issues.
 * Some messages (e.g. MediaWiki:stub-threshold) are HTML, and at least for now, we need a way to use them on the client-side.
 * Wikitext messages don't work as you expect. You have to use jqueryMsg even to parse e.g. external links, and I have that patch to get basic wikilinks working (let alone bold, italic). See also 43499 about moving more of the parsing to the server.
 * If wikitext messages worked fully on the client-side, I agree we could (and probably should) use them, and get rendered HTML out of that (in a lot of cases, .text would still be wrong, though). Superm401 - Talk 10:33, 30 December 2012 (UTC)
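
The trade-off discussed in this thread, as an added example that is not part of the original discussion and is not MediaWiki code: `formatMessage` and its mode names are hypothetical stand-ins for the output formats being compared, and the messages and the parameter value are constructed. It shows why escaping everything displays an HTML message's markup literally, and why unescaped output is only a concern once a variable carries untrusted input.

```javascript
// Added illustration. formatMessage and its mode names are hypothetical,
// not MediaWiki's mw.message; messages and parameter values are constructed.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#039;');
}

// Replace $1, $2, ... with the matching parameter; unknown placeholders stay.
function substitute(source, params) {
  return source.replace(/\$(\d+)/g, (match, n) => {
    const i = Number(n) - 1;
    return i >= 0 && i < params.length ? String(params[i]) : match;
  });
}

function formatMessage(source, params, mode) {
  switch (mode) {
    case 'raw': // message and parameters both inserted as HTML
      return substitute(source, params);
    case 'escaped': // everything escaped: message markup is shown literally
      return escapeHtml(substitute(source, params));
    case 'rawEscapedParams': // trusted message markup kept, parameters neutralised
      return substitute(source, params.map(escapeHtml));
    default:
      throw new Error('unknown mode: ' + mode);
  }
}

// Constructed HTML message with one variable, and an untrusted value for it.
const withVariable = '<b>$1</b> has new messages';
const untrusted = '<script>x</script>';
// Constructed HTML message with no variables (the stub-threshold situation).
const noVariable = 'Threshold for <a href="#" class="stub">stub link</a> formatting';

for (const mode of ['raw', 'escaped', 'rawEscapedParams']) {
  console.log(mode.padEnd(18), formatMessage(withVariable, [untrusted], mode));
}
console.log('no variables, raw ', formatMessage(noVariable, [], 'raw'));
```
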

JavaScript: current situations and future fixes
There are currently plenty of problems with messages in JavaScript; 44459 summarises them and shows how things will have to change. --Nemo 19:38, 10 February 2013 (UTC)