Escape each portion of a semicolon seprated value individually

Fixes #3872

diff --git a/app/helpers/browse_tags_helper.rb b/app/helpers/browse_tags_helper.rb
index c6aeb8c5470fa9a984af272b3a7ca7f989a030eb..18598e88d69c5cd9bd07989f85cb531331fbf06e 100644 (file)
--- a/app/helpers/browse_tags_helper.rb
+++ b/app/helpers/browse_tags_helper.rb
@@ -32,7 +32,7 @@ module BrowseTagsHelper
     elsif colour_value = colour_preview(key, value)
       tag.span("", :class => "colour-preview-box", :"data-colour" => colour_value, :title => t("browse.tag_details.colour_preview", :colour_value => colour_value)) + colour_value
     else
-      safe_join(h(value).split(";").map { |x| linkify(x) }, ";")
+      safe_join(value.split(";").map { |x| linkify(h(x)) }, ";")
     end
   end
 

diff --git a/test/helpers/browse_tags_helper_test.rb b/test/helpers/browse_tags_helper_test.rb
index 2329a7c961d8f23b28cc9d0ccf2fe80211ade425..a0e2e8fabb15efd89ba87d5d051fafcea43809cb 100644 (file)
--- a/test/helpers/browse_tags_helper_test.rb
+++ b/test/helpers/browse_tags_helper_test.rb
@@ -22,6 +22,9 @@ class BrowseTagsHelperTest < ActionView::TestCase
     html = format_value("unknown", "unknown")
     assert_dom_equal "unknown", html
 
+    html = format_value("addr:street", "Rue de l'Amigo")
+    assert_dom_equal "Rue de l&#39;Amigo", html
+
     html = format_value("phone", "+1234567890")
     assert_dom_equal "<a href=\"tel:+1234567890\" title=\"Call +1234567890\">+1234567890</a>", html