From eeeb834b6b3ca9e76d995e5672a3b06080c5e57b Mon Sep 17 00:00:00 2001 From: Neil Lalonde Date: Thu, 19 Jun 2014 17:19:13 -0400 Subject: [PATCH] FIX: strip html tags from category badge tooltips --- app/assets/javascripts/discourse/lib/html.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/app/assets/javascripts/discourse/lib/html.js b/app/assets/javascripts/discourse/lib/html.js index 19e9fa16590..a462a1f9909 100644 --- a/app/assets/javascripts/discourse/lib/html.js +++ b/app/assets/javascripts/discourse/lib/html.js @@ -95,8 +95,9 @@ Discourse.HTML = { (opts.clearChildColor ? ' clear-badge' : '') + extraClasses + "\" "; name = Handlebars.Utils.escapeExpression(name); - // Add description if we have it - if (description) html += "title=\"" + Handlebars.Utils.escapeExpression(description) + "\" "; + + // Add description if we have it, without tags. Server has sanitized the description value. + if (description) html += "title=\"" + $("
").html(description).text() + "\" "; if (!opts.clearChildColor) { var categoryStyle = Discourse.HTML.categoryStyle(category);
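Review bot: The new `title=` line concatenates the result of `.text()` into a double-quoted attribute with no escaping, whereas the removed line passed the value through `Handlebars.Utils.escapeExpression`. `.text()` returns decoded text, so an entity-encoded double quote or ampersand in the description (something tag-oriented sanitizing would normally leave in place) comes back as a literal character and can close the attribute early. Stripping tags and escaping for the attribute context are separate steps, so keep both: `if (description) html += "title=\"" + Handlebars.Utils.escapeExpression($("<div/>").html(description).text()) + "\" ";` (the element literal inside `$("…")` is not legible on this page, so `<div/>` is assumed). `.html(description)` also has the browser parse the value as markup, so this line relies entirely on the server-side sanitizing mentioned in the comment, which is not visible here. The enclosing function starts and ends outside the hunk.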