Escape tag values - there is no reason at all to render things which

[rails.git] / app / views / browse / _tag.html.erb

diff --git a/app/views/browse/_tag.html.erb b/app/views/browse/_tag.html.erb
index a9a122e6da6cbf9f49a6f6467323659f15e92535..5724b064611c396db2c38ccd6bef22b00155b9e5 100644 (file)
--- a/app/views/browse/_tag.html.erb
+++ b/app/views/browse/_tag.html.erb
@@ -1,3 +1,3 @@
 <tr>
-  <td><%= h(tag[0]) %> = <%= sanitize(auto_link(tag[1])) %></td>
+  <td><%= h(tag[0]) %> = <%= auto_link(h(tag[1])) %></td>
 </tr>