From d94a5a24b0907c610377a5a8d4abb8c877e67145 Mon Sep 17 00:00:00 2001 From: Anton Khorev Date: Mon, 24 Mar 2025 15:51:26 +0300 Subject: [PATCH] Remove html-safe/unsafe branches from rich text linkify Rinku outputs html. It would make no sense to escape Rinku's output, the output should be safe when it's created. To make sure that it's safe, we need to escape the input. As it is currently used in osm-website, the input is already html-safe and escaping does nothing. However it's safer to escape anyway in case the future usage changes. --- lib/rich_text.rb | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/lib/rich_text.rb b/lib/rich_text.rb index c20f973b1..d6df214d1 100644 --- a/lib/rich_text.rb +++ b/lib/rich_text.rb @@ -76,11 +76,7 @@ module RichText end def linkify(text, mode = :urls) - if text.html_safe? - Rinku.auto_link(text, mode, tag_builder.tag_options(:rel => "nofollow noopener noreferrer")).html_safe - else - Rinku.auto_link(text, mode, tag_builder.tag_options(:rel => "nofollow noopener noreferrer")) - end + Rinku.auto_link(ERB::Util.html_escape(text), mode, tag_builder.tag_options(:rel => "nofollow noopener noreferrer")).html_safe end end -- 2.39.5
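Review bot: The new single line in `linkify` marks Rinku's output `.html_safe` unconditionally, so its safety now rests entirely on `ERB::Util.html_escape(text)` running before `Rinku.auto_link`, yet the diffstat shows only `lib/rich_text.rb` changed and no test pins that down. Please add a test that passes a plain String that is not html-safe and contains markup, plus a URL with `&` in its query string, and asserts that the markup comes back escaped, the link is still generated, and the result is `html_safe?`. A one-line comment above the call stating that the input must be escaped before linkifying would also help, because a later edit that drops the escape while keeping `.html_safe` would turn the previously unmarked branch into unescaped output in the view. The commit message notes that current callers already pass html-safe input, so the escape is a no-op today; a test is the only thing that would catch a regression once a caller passes raw text.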