From d8e891b492ffe1896e925b7dc3ea7acf1bee9f7f Mon Sep 17 00:00:00 2001
From: Raphael Sofaer <raphael@joindiaspora.com>
Date: Thu, 7 Jul 2011 22:13:02 -0700
Subject: [PATCH] Revert "escape js in format_tags until I can think about
 whether we have an XSS problem in the morning"

This reverts commit 8af95909c2c1320a13ea930674d4bbf3bb3f7a3f.
---
 lib/diaspora/taggable.rb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/diaspora/taggable.rb b/lib/diaspora/taggable.rb
index 99fbf1b8af..7c3ab66bd2 100644
--- a/lib/diaspora/taggable.rb
+++ b/lib/diaspora/taggable.rb
@@ -4,7 +4,6 @@
 
 module Diaspora
   module Taggable
-    extend ActionView::Helpers::JavaScriptHelper
     VALID_TAG_BODY = /[^_,\s#*\[\]()\@\/"'\.%]+\b/
 
     def self.included(model)
@@ -40,7 +39,7 @@ module Diaspora
     def self.format_tags(text, opts={})
       return text if opts[:plain_text]
       regex = /(^|\s)#(#{VALID_TAG_BODY})/
-      form_message = escape_javascript(text).gsub(regex) do |matched_string|
+      form_message = text.gsub(regex) do |matched_string|
         "#{$~[1]}<a href=\"/tags/#{$~[2]}\" class=\"tag\">##{$~[2]}</a>"
       end
       form_message.html_safe
-- 
GitLab