Add a bunch of fixes to HTML escaping, and a test case for it
[selectricity-live] / app / views / election / _candidate_line_edit.rhtml
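<% -%>
<%# Partial for one candidate on the election edit page. Reads @current_candidate (id, name, picture?, description), which the caller must set. %>
<div id="cand<%= @current_candidate.id %>">
<%# The candidate name is stored text, so it is passed through h() like the description below; otherwise markup in a name would be rendered as HTML. NOTE(review): assumes ERB output is not auto-escaped here, as the explicit h() on description suggests. %>
<p><strong><%= h(@current_candidate.name) %></strong>
  (<%= link_to_remote "Delete",
                       :complete => "Element.remove('cand#{@current_candidate.id}')",
                       :url => { :action => :delete_candidate,
                       :id => @current_candidate.id } %> |
    <%= link_to "Edit", :action => 'edit_candidate', :id =>
    @current_candidate.id %>)<br />
    <blockquote>
    <table><tr><td valign="top">
      <%# The image cell stays empty unless picture? is true. %>
      <% if @current_candidate.picture? %>
      <img src="<%= url_for :action => 'candidate_picture',
                            :id => @current_candidate.id %>"
           align="top" width="80px" />
      <% end %>
      </td>
      <%# NOTE(review): .length raises if description is nil; confirm the model always supplies a string. %>
      <% if @current_candidate.description.length > 0 %>
      <td valign="top">
        <em>Description:</em><br />
         <%= h(@current_candidate.description) %>
      </td>
      <% else %>
      <td></td>
      <% end %>
    </tr></table>
    </blockquote>
</p>
</div>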
