Merge pull request #2983 from evazion/fix-favtags-xss

Fix self-xss in favorite tags.
2017-04-22 01:04:31 -07:00
parent f503c80e0b fce8dcc97d
commit 421b9668b2
1 changed files with 1 additions and 5 deletions
--- a/app/views/users/edit.html.erb
+++ b/app/views/users/edit.html.erb
@@ -76,11 +76,7 @@

        <%= f.input :enable_recent_searches, :as => :select, :collection => [["No", "false"], ["Yes", "true"]], :include_blank => false %>

-        <div class="input text optional field_with_hint">
-          <label class="text optional" for="user_favorite_tags">Frequent tags</label>
-          <textarea id="user_favorite_tags" class="text optional" rows="5" name="user[favorite_tags]" cols="40"><%= raw @user.favorite_tags %></textarea>
-          <span class="hint">A list of tags that you use often. They will appear when using the list of Related Tags.</span>
-        </div>
+        <%= f.input :favorite_tags, :label => "Frequent tags", :hint => "A list of tags that you use often. They will appear when using the list of Related Tags.", :input_html => { :rows => 5 } %>

        <div class="input text optional field_with_hint">
          <label class="text optional" for="user_dmail_filter_attributes_words">Dmail filter</label>