From e783c2013a3219a5e40d56eadb3ffcaf8be5308a Mon Sep 17 00:00:00 2001
From: rgarcia
Date: Sat, 18 Jul 2015 17:50:40 +0200
Subject: [PATCH] sanitises tag names [#8]

---
 app/helpers/application_helper.rb | 2 +-
 app/views/shared/_tag_cloud.html.erb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 74dcfd229..e3f79f023 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -1,7 +1,7 @@
 module ApplicationHelper
 def tags(debate)
- debate.tag_list.map { |tag| link_to tag, debates_path(tag: tag) }.join(', ').html_safe
+ debate.tag_list.map { |tag| link_to sanitize(tag), debates_path(tag: tag) }.join(', ').html_safe
 end
 end
diff --git a/app/views/shared/_tag_cloud.html.erb b/app/views/shared/_tag_cloud.html.erb
index 1aefd074d..bb61c5a4d 100644
--- a/app/views/shared/_tag_cloud.html.erb
+++ b/app/views/shared/_tag_cloud.html.erb
@@ -1,5 +1,5 @@
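Review bot: `sanitize(tag)` on the added line in app/helpers/application_helper.rb is an allowlist HTML sanitizer that returns an html_safe string, so markup in a tag name that the allowlist permits is now rendered inside the link, whereas on the removed line `link_to` was already escaping a plain String label; the net effect is to relax escaping rather than add it. If the intent is to display the name as text, `link_to tag, debates_path(tag: tag)` already does that; if the intent is to remove markup from stored names, `strip_tags(tag)` states that more precisely than `sanitize`. The same wrapping is applied in the app/views/shared/_tag_cloud.html.erb hunk and the same consideration applies there. Separately, `.join(', ').html_safe` hand-marks a joined String as safe; `safe_join(debate.tag_list.map { |tag| link_to tag, debates_path(tag: tag) }, ', ')` keeps the escaping contract explicit without a manual `html_safe`.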
<% tag_cloud Debate.tag_counts, %w[s m l] do |tag, css_class| %>
- <%= link_to "#{tag.name}(#{tag.taggings_count})", debates_path(tag: tag.name), class: css_class %>
+ <%= link_to sanitize("#{tag.name}(#{tag.taggings_count})"), debates_path(tag: tag.name), class: css_class %>
 <% end %>