From 09381a294e08a5f3c980f8e288f4b08ac7a41749 Mon Sep 17 00:00:00 2001
From: Dev <dev@Devs-MacBook-Pro-7.local>
Date: Wed, 5 Jun 2024 15:25:28 -0700
Subject: [PATCH] Fixed jquery-ujs vulnerbility issue

---
 src/rails.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/rails.js b/src/rails.js
index 0e27110..6db42b7 100644
--- a/src/rails.js
+++ b/src/rails.js
@@ -218,9 +218,9 @@
         target = link.attr('target'),
         csrfToken = rails.csrfToken(),
         csrfParam = rails.csrfParam(),
-        form = $('<form method="post" action="' + href + '"></form>'),
+        form = $('<form method="post"></form>'),
         metadataInput = '<input name="_method" value="' + method + '" type="hidden" />';
-
+      form.attr('action', href);
       if (csrfParam !== undefined && csrfToken !== undefined && !rails.isCrossDomain(href)) {
         metadataInput += '<input name="' + csrfParam + '" value="' + csrfToken + '" type="hidden" />';
       }