From 19b62c5f4b9d0b8c0ed5528fffec5c4a614600e3 Mon Sep 17 00:00:00 2001
From: evazion <noizave@gmail.com>
Date: Tue, 28 Oct 2014 20:04:18 -0500
Subject: [PATCH] Fix XSS in fetch source data javascript.

---
 app/assets/javascripts/uploads.js | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/app/assets/javascripts/uploads.js b/app/assets/javascripts/uploads.js
index 72b8a5383..81b3a1798 100644
--- a/app/assets/javascripts/uploads.js
+++ b/app/assets/javascripts/uploads.js
@@ -70,20 +70,22 @@
   }
 
   Danbooru.Upload.fill_source_info = function(data) {
-    var tag_html = "";
+    $("#source-tags").empty();
     $.each(data.tags, function(i, v) {
-      tag_html += ('<a href="' + v[1] + '">' + v[0] + '</a> ');
+      $("<a>").attr("href", v[1]).text(v[0]).appendTo("#source-tags");
     });
 
-    $("#source-artist").html('<a href="' + data.profile_url + '">' + data.artist_name + '</a>');
-    $("#source-tags").html(tag_html);
+    $("#source-artist").html($("<a>").attr("href", data.profile_url).text(data.artist_name));
 
     Danbooru.RelatedTag.translated_tags = data.translated_tags;
     Danbooru.RelatedTag.build_all();
 
-    var new_artist_link = '<a target="_blank" href="/artists/new?other_names=' + data.artist_name + '&urls=' + encodeURIComponent(data.profile_url + '\n' + data.image_url) + '">new</a>';
+    var new_artist_href = "/artists/new?other_names="
+                        + encodeURIComponent(data.artist_name)
+                        + "&urls="
+                        + encodeURIComponent([data.profile_url, data.image_url].join("\n"));
 
-    $("#source-record").html(new_artist_link);
+    $("#source-record").html($("<a>").attr("href", new_artist_href).text("Create New"));
 
     if (data.page_count > 1) {
       $("#gallery-warning").show();