# HG changeset patch # User luisf # Date 1321895845 0 # Node ID 9f2bc483b7ecd2aef4c849c2eea5482b1f1b11ce # Parent 829052890acbbec15a98730e48c24c208304e4b1 Fixes the html injection problem in the client side (Bug #341). diff -r 829052890acb -r 9f2bc483b7ec vendor/plugins/redmine_tags/assets/javascripts/tags_input.js --- a/vendor/plugins/redmine_tags/assets/javascripts/tags_input.js Mon Nov 21 17:10:21 2011 +0000 +++ b/vendor/plugins/redmine_tags/assets/javascripts/tags_input.js Mon Nov 21 17:17:25 2011 +0000 @@ -31,7 +31,7 @@ var uri_params = window.location.href.toQueryParams(); if (uri_params["project[tag_list]"] != undefined){ - this.addTag(uri_params["project[tag_list]"], true); + this.addTag(uri_params["project[tag_list]"].stripTags(), true); }; Event.observe(this.button, 'click', this.readTags.bind(this));