# HG changeset patch # User luisf # Date 1322064603 0 # Node ID 4d3ac2b4156ced8a77809bb6e35caa930132a111 # Parent 0987c3565751146d133dd9924ec8da63cb1789a4 Strips any possible html tags in the project tags input (both client and server side). diff -r 0987c3565751 -r 4d3ac2b4156c vendor/plugins/redmine_tags/assets/javascripts/tags_input.js --- a/vendor/plugins/redmine_tags/assets/javascripts/tags_input.js Wed Nov 23 15:40:55 2011 +0000 +++ b/vendor/plugins/redmine_tags/assets/javascripts/tags_input.js Wed Nov 23 16:10:03 2011 +0000 @@ -86,7 +86,7 @@ addTagsList: function(tags_list) { var tags = tags_list.split(','); for (var i = 0; i < tags.length; i++) { - this.addTag(tags[i].strip().toLowerCase()); + this.addTag(tags[i].strip().stripTags().toLowerCase()); } }, diff -r 0987c3565751 -r 4d3ac2b4156c vendor/plugins/redmine_tags/lib/redmine_tags/patches/projects_controller_patch.rb --- a/vendor/plugins/redmine_tags/lib/redmine_tags/patches/projects_controller_patch.rb Wed Nov 23 15:40:55 2011 +0000 +++ b/vendor/plugins/redmine_tags/lib/redmine_tags/patches/projects_controller_patch.rb Wed Nov 23 16:10:03 2011 +0000 @@ -10,16 +10,13 @@ skip_before_filter :authorize, :only => [:set_fieldset_status] skip_before_filter :find_project, :only => [:set_fieldset_status] before_filter :add_tags_to_project, :only => [:save, :update] -# before_filter :filter_projects, :only => :index alias :index filtered_index end end module InstanceMethods - - - + def add_tags_to_project if params && params[:project] && !params[:project][:tag_list].nil? @@ -27,7 +24,7 @@ new_tags = params[:project][:tag_list].to_s.downcase unless (old_tags == new_tags) - @project.tag_list = new_tags + @project.tag_list = ActionController::Base.helpers.strip_tags(new_tags) end end end
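Review bot: In the tags_input.js hunk (addTagsList, @@ -86,7 +86,7 @@), whitespace is trimmed before the markup is removed, so an entry such as "<b> foo </b>" reaches addTag with its inner spaces still attached, and an entry that consists only of markup reaches it as an empty string. Reverse the order to tags[i].stripTags().strip().toLowerCase() and skip the entry when the result is empty. Since a request can be posted without this script running, the server-side strip_tags call in projects_controller_patch.rb has to be treated as the actual control and this line as input tidying only.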
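Review bot: The first projects_controller_patch.rb hunk (@@ -10,16 +10,13 @@) carries cleanup that is unrelated to the tag stripping: the commented-out "before_filter :filter_projects, :only => :index" line is deleted and the blank lines under "module InstanceMethods" are replaced by a single added line. Move this into its own changeset so the security fix can be reviewed and backported on its own, or at least mention the cleanup in the commit message, which currently describes only the tag stripping.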
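Review bot: In the second projects_controller_patch.rb hunk (@@ -27,7 +24,7 @@), strip_tags is applied only at the assignment, after "unless (old_tags == new_tags)" has already compared the unsanitized string, and it runs over the whole comma-separated list rather than over each tag. Sanitize where new_tags is built, for example new_tags = ActionController::Base.helpers.strip_tags(params[:project][:tag_list].to_s).downcase, so the comparison and the assignment see the same value; better still, split on commas first, strip each tag and drop the empty ones, so a stray "<" in one tag cannot remove text belonging to the tags after it. The changeset touches only the input path, so tags already stored and the views that render them are not covered by it and still depend on output escaping.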