From 5f9fce7343f11fc0d2824c5d51471741fd39c5cd Mon Sep 17 00:00:00 2001
From: evazion
Date: Fri, 9 Jun 2017 20:33:19 -0500
Subject: [PATCH] Fix #3139: XSS in Related Tags javascript.
---
 app/assets/javascripts/related_tag.js | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/app/assets/javascripts/related_tag.js b/app/assets/javascripts/related_tag.js
index 58d2eb878..227fef671 100644
--- a/app/assets/javascripts/related_tag.js
+++ b/app/assets/javascripts/related_tag.js
@@ -227,14 +227,10 @@
 if (text.match(/^ http/)) {
 text = text.substring(1, 1000);
 var $url = $("");
- $url.text("open");
+ $url.text(text);
 $url.attr("href", text);
 $url.attr("target", "_blank");
- var $li = $("
  • ");
- $li.append(text + " [");
- $li.append($url);
- $li.append("]");
- $ul.append($li);
+ $ul.append($("
  • ").html($url));
 } else {
 $ul.append($("
  • ").text(text));
 }
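Review bot: The added `.html($url)` call is safe only because `$url` is a jQuery object; `.html()` is the HTML-parsing setter, so a later edit that hands it a string would bring back the injection this commit removes, and `.append($url)` on the list item states the intent without that API. The link also keeps `target="_blank"` while its `href` comes from `text`, which looks user-influenced (its origin is outside the hunk), so the opened page can reach `window.opener`; adding `$url.attr("rel", "noopener noreferrer");` next to the `target` line closes that. The guard `/^ http/` only requires the prefix `http`; tightening it to `/^ https?:\/\//` would make the accepted schemes explicit. The enclosing function starts and ends outside the hunk, and the tag literals inside `$("")` appear to have been stripped by the page rendering.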