Revert "escape js in format_tags until I can think about whether we have an XSS problem in the morning"
This reverts commit 8af95909c2.
parent
8af95909c2
commit
d8e891b492
1 changed files with 1 additions and 2 deletions
|
|
@ -4,7 +4,6 @@
|
|||
|
||||
module Diaspora
|
||||
module Taggable
|
||||
extend ActionView::Helpers::JavaScriptHelper
|
||||
VALID_TAG_BODY = /[^_,\s#*\[\]()\@\/"'\.%]+\b/
|
||||
|
||||
def self.included(model)
|
||||
|
|
@ -40,7 +39,7 @@ module Diaspora
|
|||
def self.format_tags(text, opts={})
|
||||
return text if opts[:plain_text]
|
||||
regex = /(^|\s)#(#{VALID_TAG_BODY})/
|
||||
form_message = escape_javascript(text).gsub(regex) do |matched_string|
|
||||
form_message = text.gsub(regex) do |matched_string|
|
||||
"#{$~[1]}<a href=\"/tags/#{$~[2]}\" class=\"tag\">##{$~[2]}</a>"
|
||||
end
|
||||
form_message.html_safe
|
||||
|
|
|
|||
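Review bot: With `escape_javascript` gone, `format_tags` passes `text` straight into `gsub` and then marks the whole result `html_safe`, so any markup in the input outside the matched tags reaches the page unescaped unless every caller escapes first, which nothing in this hunk shows. The captured tag body is also interpolated raw into the `href` and the link text, and `VALID_TAG_BODY` does not exclude `<`, `>` or `&`. `escape_javascript` was the wrong encoder for an HTML context anyway; if callers do not already HTML-escape, the line should read `form_message = ERB::Util.html_escape(text).gsub(regex) do |matched_string|`, with a comment on the method stating which layer owns escaping so the text is not escaped twice. The method's closing `end` lies outside the hunk, and a spec that feeds markup through `format_tags` would settle the question the reverted commit's message left open.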