From fce8dcc97d677b6405d220b56505f7b9fcbb550d Mon Sep 17 00:00:00 2001
From: evazion <noizave@gmail.com>
Date: Thu, 20 Apr 2017 20:33:56 -0500
Subject: [PATCH] /users: fix self-xss in favorite tags.

---
 app/views/users/edit.html.erb | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb
index d6d024e60..72ee9010f 100644
--- a/app/views/users/edit.html.erb
+++ b/app/views/users/edit.html.erb
@@ -76,11 +76,7 @@
 
         <%= f.input :enable_recent_searches, :as => :select, :collection => [["No", "false"], ["Yes", "true"]], :include_blank => false %>
 
-        <div class="input text optional field_with_hint">
-          <label class="text optional" for="user_favorite_tags">Frequent tags</label>
-          <textarea id="user_favorite_tags" class="text optional" rows="5" name="user[favorite_tags]" cols="40"><%= raw @user.favorite_tags %></textarea>
-          <span class="hint">A list of tags that you use often. They will appear when using the list of Related Tags.</span>
-        </div>
+        <%= f.input :favorite_tags, :label => "Frequent tags", :hint => "A list of tags that you use often. They will appear when using the list of Related Tags.", :input_html => { :rows => 5 } %>
 
         <div class="input text optional field_with_hint">
           <label class="text optional" for="user_dmail_filter_attributes_words">Dmail filter</label>