Escape each portion of a semicolon separated value individually

Fixes #3872
Tom Hughes 2023-01-04 15:41:54 +00:00
parent fb81107b6e
commit 52078b5d76
2 changed files with 4 additions and 1 deletions


@ -32,7 +32,7 @@ module BrowseTagsHelper
elsif colour_value = colour_preview(key, value)
tag.span("", :class => "colour-preview-box", :"data-colour" => colour_value, :title => t("browse.tag_details.colour_preview", :colour_value => colour_value)) + colour_value
else
safe_join(h(value).split(";").map { |x| linkify(x) }, ";")
safe_join(value.split(";").map { |x| linkify(h(x)) }, ";")
end
end
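Review bot: The order of operations on the new `safe_join(value.split(";").map { |x| linkify(h(x)) }, ";")` line is load-bearing but undocumented, so a later cleanup could easily move `h` back outside the split. I would add a comment above it such as `# Split the raw value first: h() emits entities that contain ";" (e.g. &#39;), so escaping before the split would cut them apart.` Output safety also rests on `linkify` returning an html_safe string when handed already-escaped input; its definition is not in this hunk, so that is worth confirming. Separately, `split(";")` drops trailing empty fields, so a value ending in `;` is shown without it, and `split(";", -1)` would display the value as tagged. The enclosing method starts above the hunk.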


@ -22,6 +22,9 @@ class BrowseTagsHelperTest < ActionView::TestCase
html = format_value("unknown", "unknown")
assert_dom_equal "unknown", html
html = format_value("addr:street", "Rue de l'Amigo")
assert_dom_equal "Rue de l&#39;Amigo", html
html = format_value("phone", "+1234567890")
assert_dom_equal "<a href=\"tel:+1234567890\" title=\"Call +1234567890\">+1234567890</a>", html
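Review bot: The added `addr:street` assertion uses a single-part value, so the per-portion path that the fix introduces is never exercised with an actual `;` in the input. A constructed case such as `html = format_value("unknown", "a<b;c&d")` followed by `assert_dom_equal "a&lt;b;c&amp;d", html` would pin that each portion is escaped on its own and that the separator survives the join. That expected string assumes `linkify` leaves non-URL text unchanged, which is not visible on this page. The test method begins above the hunk.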