SECURITY: santize tags when creating new topic via URL

app/assets/javascripts/discourse/controllers/composer.js.es6

@@ -682,7 +682,7 @@ export default Ember.Controller.extend({
     }
 
     if (opts.topicTitle && opts.topicTitle.length <= this.siteSettings.max_topic_title_length) {
-      this.set('model.title', opts.topicTitle);
+      this.set('model.title', escapeExpression(opts.topicTitle));
     }
 
     if (opts.topicCategoryId) {
@@ -707,7 +707,12 @@ export default Ember.Controller.extend({
     }
 
     if (opts.topicTags && !this.site.mobileView && this.site.get('can_tag_topics')) {
-      this.set('model.tags', opts.topicTags.split(","));
+      const self = this;
+      let tags = escapeExpression(opts.topicTags).split(",").slice(0, self.siteSettings.max_tags_per_topic);
+      tags.forEach(function(tag, index, array) {
+        array[index] = tag.substring(0, self.siteSettings.max_tag_length);
+      });
+      self.set('model.tags', tags);
     }
 
     if (opts.topicBody) {

app/assets/javascripts/select-kit/components/mini-tag-chooser.js.es6

@@ -2,6 +2,7 @@ import ComboBox from "select-kit/components/combo-box";
 import Tags from "select-kit/mixins/tags";
 import { default as computed } from "ember-addons/ember-computed-decorators";
 import renderTag from "discourse/lib/render-tag";
+import { escapeExpression } from 'discourse/lib/utilities';
 const { get, isEmpty, run, makeArray } = Ember;
 
 export default ComboBox.extend(Tags, {
@@ -110,6 +111,7 @@ export default ComboBox.extend(Tags, {
       }
 
       tags.map((tag) => {
+        tag = escapeExpression(tag);
         const isHighlighted = highlightedSelection.map(s => get(s, "value")).includes(tag);
         output += `
           <button aria-label="${tag}" title="${tag}" class="selected-tag ${isHighlighted ? 'is-highlighted' : ''}" data-value="${tag}">