sanitises tag names [#8]

2015-07-18 17:50:40 +02:00
parent dc8969781a
commit e783c2013a
2 changed files with 2 additions and 2 deletions
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -1,7 +1,7 @@
 module ApplicationHelper

  def tags(debate)
-    debate.tag_list.map { |tag| link_to tag, debates_path(tag: tag) }.join(', ').html_safe
+    debate.tag_list.map { |tag| link_to sanitize(tag), debates_path(tag: tag) }.join(', ').html_safe
  end

 end
--- a/app/views/shared/_tag_cloud.html.erb
+++ b/app/views/shared/_tag_cloud.html.erb
@@ -1,5 +1,5 @@
 <div id="tag-cloud">
  <% tag_cloud Debate.tag_counts, %w[s m l] do |tag, css_class| %>
-    <%= link_to "#{tag.name}(#{tag.taggings_count})", debates_path(tag: tag.name), class: css_class %>
+    <%= link_to sanitize("#{tag.name}(#{tag.taggings_count})"), debates_path(tag: tag.name), class: css_class %>
  <% end %>
 </div>