<blockquote>
<pre><code>* Double Check the usage of `params[:tag]` in the views.
</code></pre>
</blockquote>
<p>From a quick review, I don't see anything obviously wrong. Rails is very good about avoiding XSS and similar problems, so long as you avoid using any of the utilities that mess around with string safety (like <code>raw</code>, <code>.html_safe</code>, etc.). I can double-check when the PR is ready for review.</p>

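<p>An added example, not part of the original comment or of the project's code: one way to run the "double check <code>params[:tag]</code> in the views" item is to flag template lines where a <code>params[...]</code> lookup shares a line with one of the escaping bypasses named above. The view paths and contents are constructed samples, and <code>&lt;%==</code> is included on the assumption that the reviewer also wants the ERB raw-output shorthand covered.</p>

```ruby
# Added example: flag view lines where a request parameter is rendered
# through a construct that bypasses Rails' automatic HTML escaping.

# Constructs that mark output as already safe, so Rails will not escape it.
BYPASS = {
  "raw"       => /\braw[\s(]/,
  "html_safe" => /\.html_safe\b/,
  "<%=="      => /<%==/ # ERB shorthand for unescaped output in Rails views
}.freeze

# Captures the key of a params[:key] lookup.
PARAM = /\bparams\[\s*:(\w+)\s*\]/

Finding = Struct.new(:file, :line, :param, :bypass)

# templates: { path => ERB source }. Returns one Finding for each bypass
# that appears on the same line as a params[...] lookup.
def audit_views(templates)
  templates.flat_map do |path, source|
    source.each_line.with_index(1).flat_map do |text, lineno|
      param = text[PARAM, 1]
      next [] unless param
      BYPASS.select { |_, re| text.match?(re) }
            .keys
            .map { |name| Finding.new(path, lineno, param, name) }
    end
  end
end

# Constructed sample views (hypothetical paths, not taken from the project).
SAMPLE_VIEWS = {
  "app/views/example/safe.html.erb" => <<~'ERB',
    <h1><%= params[:tag] %></h1>
    <%= link_to params[:tag], "#" %>
  ERB
  "app/views/example/risky.html.erb" => <<~'ERB'
    <h1><%= raw params[:tag] %></h1>
    <p><%= "Tag: #{params[:tag]}".html_safe %></p>
    <p><%== params[:tag] %></p>
    <p><%= t(".title").html_safe %></p>
  ERB
}.freeze

if __FILE__ == $PROGRAM_NAME
  audit_views(SAMPLE_VIEWS).each do |f|
    puts "#{f.file}:#{f.line}: params[:#{f.param}] rendered via #{f.bypass}"
  end
end
```

<p>This is a line-based heuristic: it will not see a parameter that is first assigned to a variable in the controller or a helper, so it narrows a manual review rather than replacing it.</p>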