From 53f2c36f1d4ea04ad3539dc3450f0af49d46a671 Mon Sep 17 00:00:00 2001
From: Andy Allan
Date: Thu, 2 Jan 2020 18:07:23 +0100
Subject: [PATCH 1/1] Use ActionView's safe_join to avoid using raw when joining arrays of text
---
 app/views/traces/_trace.html.erb | 2 +-
 app/views/traces/show.html.erb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/views/traces/_trace.html.erb b/app/views/traces/_trace.html.erb
index 1fde78790..c8433599f 100644
--- a/app/views/traces/_trace.html.erb
+++ b/app/views/traces/_trace.html.erb
@@ -24,7 +24,7 @@
 <%= t ".by" %> <%= link_to h(trace.user.display_name), user_path(trace.user) %> <% if !trace.tags.empty? %> <%= t ".in" %>
- <%= raw(trace.tags.collect { |tag| link_to_tag tag.tag }.join(", ")) %>
+ <%= safe_join(trace.tags.collect { |tag| link_to_tag tag.tag }, ", ") %>
 <% end %>
diff --git a/app/views/traces/show.html.erb b/app/views/traces/show.html.erb
index a9978fdc4..07134dbbd 100644
--- a/app/views/traces/show.html.erb
+++ b/app/views/traces/show.html.erb
@@ -40,7 +40,7 @@
 <%= t ".tags" %> <% unless @trace.tags.empty? %>
- <%= raw(@trace.tags.collect { |tag| link_to tag.tag, :controller => "traces", :action => "index", :tag => tag.tag, :id => nil }.join(", ")) %>
+ <%= safe_join(@trace.tags.collect { |tag| link_to tag.tag, :controller => "traces", :action => "index", :tag => tag.tag, :id => nil }, ", ") %>
 <% else %> <%= t ".none" %> <% end %>
-- 
2.39.5
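Review bot: In `_trace.html.erb` the new `safe_join` call escapes only elements that are not already marked `html_safe`, so the output is exactly as safe as whatever `link_to_tag` returns, and that helper is defined outside this patch. If it builds the anchor through `link_to`, the tag text is escaped; if it interpolates `tag.tag` into a string and marks the result safe, the unescaped value would still reach the page. I would confirm which it is and record the contract next to the call, for example `<%# link_to_tag must build its link with link_to; safe_join passes html_safe elements through as-is %>`.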
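Review bot: The tag link in `show.html.erb` is still built inline with `link_to tag.tag, :controller => "traces", ...` while the list partial goes through `link_to_tag`, so the two views render user-supplied tag text through two separate code paths. The inline form is fine as written, since `link_to` escapes the link text and the `:tag` value is URL-encoded, but a later change to one path will not reach the other. If `link_to_tag` produces the same URL (it is not visible in this patch), the line could read `<%= safe_join(@trace.tags.collect { |tag| link_to_tag tag.tag }, ", ") %>`.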