fix xss vuln

app/assets/javascripts/related_tag.js.erb

@@ -236,7 +236,7 @@
           if (desc.length > 30) {
             desc = desc.substring(0, 30) + "...";
           }
-          var $del = $("<del/>").html(desc);
+          var $del = $("<del/>").text(desc);
           $ul.append($("<li/>").html($del));
         } else if (text.match(/^ http/)) {
           text = text.substring(1, 1000);

app/views/artists/_form.html.erb

@@ -16,7 +16,7 @@
   </div>
   <%= f.input :other_names_comma, :hint => "Separate with commas", :as => :text, :label => "Other names" %>
   <%= f.input :group_name %>
-  <%= f.input :url_string, :label => "URLs", :as => :text, :input_html => {:size => "50x5", :value => params.dig(:artist, :url_string) || @artist.url_array.join("\n")} %>
+  <%= f.input :url_string, :label => "URLs", :as => :text, :input_html => {:size => "50x5", :value => params.dig(:artist, :url_string) || @artist.urls.join("\n")} %>
 
   <%= dtext_field "artist", "notes" %>
   <%= f.button :submit, "Submit" %>