xss issue fixed

app/views/orbit_bar/index.html.erb

@@ -15,7 +15,6 @@
         </div>
         <div class="login-body">
           <%= form_tag "/sessions?locale=#{locale.to_s}", method: "post", :class => "container" do |f| %>
-            <input type="hidden" name="referer_url" value="<%= request.original_url %>">
             <div class="prepend">
               <span class="add"><i class="icon-user"></i></span>
               <input class="input" id="user_user_id" name="user_name" placeholder="<%= t("users.user_id") %>" size="30" type="text">
@@ -182,4 +181,8 @@
       $("#user_user_id").focus();
     }
   })
+  $(".login-body form").on("submit",function(){
+    $(this).append("<input type='hidden' name='referer_url' value='<%= request.original_url %>'/>");
+  })
+
   </script>