add sanitize string functions to blog page

[first-timers[bot]]

Hi, this is a first-timers-only issue. This means we've worked to make it more legible to folks who either haven't contributed to our codebase before, or even folks who haven't contributed to open source before.

If that's you, we're interested in helping you take the first step and can answer questions and help you out as you do. Note that we're especially interested in contributions from people from groups underrepresented in free and open source software!

We know that the process of creating a pull request is the biggest barrier for new contributors. This issue is for you 💝

If you have contributed before, consider leaving this one for someone new, and looking through our general help wanted issues. Thanks!

🤔 What you will need to know.

Nothing. This issue is meant to welcome you to Open Source :) We are happy to walk you through the process.

📋 Step by Step

• [ ] 🙋 Claim this issue: Comment below. If someone else has claimed it, ask if they've opened a pull request already and if they're stuck -- maybe you can help them solve a problem or move it along!

• [ ] 📝 Update the file app/views/tag/blog.html.erb in the plots2 repository (press the little pen Icon) and edit the line as shown below.

See this page for some help in taking your first steps!

Below is a "diff" showing in red (and a -) which lines to remove, and in green (and a +) which lines to add:

@@ -2,7 +2,7 @@
 </div>
 <div class="col-lg-8 blog">
   <div class="blog-header">
-    <h1><%= params[:id] == "blog" ? I18n.t('tag.blog.the_public_lab') : params[:id].split('-').join(' ').capitalize %> <%=raw translation('tag.blog.blog') %></h1>
+    <h1><%=h params[:id] == "blog" ? I18n.t('tag.blog.the_public_lab') : params[:id].split('-').join(' ').capitalize %> <%=raw translation('tag.blog.blog') %></h1>

     <% if params[:id] == "blog" %>
       <br />
@@ -13,13 +13,13 @@
         <a href="/tools"><%=raw translation('tag.methods') %></a>
       </p>
       <% if current_user %>
-        <a class="btn btn-outline-secondary btn-sm" href="/feed/tag/<%= params[:id] %>.rss"><i class="fa fa-rss"></i> RSS</a>
+        <a class="btn btn-outline-secondary btn-sm" href="/feed/tag/<%=h params[:id] %>.rss"><i class="fa fa-rss"></i> RSS</a>
         <% if current_user.following(params[:id]) %>
-          <a rel="tooltip" title="<%= translation('tag.blog.unfollow',{},false) %>" class="btn btn-outline-secondary btn-sm active" href="/unsubscribe/tag/<%= params[:id] %>"><i class="fa fa-user-plus" aria-hidden="true"></i> <%= translation('tag.blog.following') %> <b><%= params[:id] %></b></a>
+          <a rel="tooltip" title="<%= translation('tag.blog.unfollow',{},false) %>" class="btn btn-outline-secondary btn-sm active" href="/unsubscribe/tag/<%=h params[:id] %>"><i class="fa fa-user-plus" aria-hidden="true"></i> <%= translation('tag.blog.following') %> <b><%=h params[:id] %></b></a>
         <% else %>
           <br><br>
           <div class="alert alert-success" role="alert">
-            Want to get updates for new blog posts? <a class="btn btn-outline-secondary btn-sm" href="/subscribe/tag/<%= params[:id] %>">
+            Want to get updates for new blog posts? <a class="btn btn-outline-secondary btn-sm" href="/subscribe/tag/<%=h params[:id] %>">
             <b><%=raw translation('Click here to subscribe!') %></b></a>
           </div>
         <% end %>
@@ -37,7 +37,7 @@
   <hr />

   <% if @notes.nil? || @notes.length == 0 %>
-    <p><%= raw translation('tag.blog.no_results', :search => params[:id]) %>:</p>
+    <p><%= raw translation('tag.blog.no_results', :search => sanitize(params[:id])) %>:</p>

     <%= render template: "search/new" %>

• [ ] 💾 Commit your changes

• [ ] 🔀 Start a Pull Request. There are two ways how you can start a pull request:

  1. If you are not familiar with GitHub or the pull request model, here is a guide you can follow on how GitHub works.
  2. If you are familiar with the terminal or would like to learn to use it, here is a great tutorial on how to send a pull request using the terminal.

3. You can also edit files directly in your browser and open a pull request from there.

• [ ] 🏁 Done Ask in comments for a review :)

Please keep us updated

💬⏰ - We encourage contributors to be respectful to the community and provide an update within a week of claiming a first-timers-only issue. We're happy to keep it assigned to you as long as you need if you update us with a request for more time or help, but if we don't see any activity a week after you claim it we may reassign it to give someone else a chance. Thank you in advance!

If this happens to you, don't sweat it! Grab another open issue.

Is someone else already working on this?

🔗- We encourage contributors to link to the original issue in their pull request so all users can easily see if someone's already started on it.

👥- If someone seems stuck, offer them some help! Otherwise, take a look at some other issues you can help with. Thanks!

🤔❓ Questions?

Leave a comment below!

[jywarren]

This is reserved for @swatantra-15

[TildaDares]

Reassigning this since @swatantra-15 hasn't responded.

Reserved for @Kabere34 for 24 hours

[Kabere34]

Thanks, working on it

[TildaDares]

Hi @Kabere34, do you need any help with this?

[Ayush0431]

Hi @TildaDares if no is interested I can work on it .

[TildaDares]

Hi @Ayush0431, let's give @Kabere34 some time to respond. In the meantime, you can work on #10395. Thanks!

[Kabere34]

Hi, @TildaDares
I've just made the changes, raising a pull request soon