Add a bunch of fixes to HTML escaping, and a test case for it

[selectricity-live] / app / views / quickvote / _result.rhtml

<% %>
<% if result.winner? and result.winners.length == 1%>
  <p><em>The winner is:
     <strong><%=h @candidates[result.winner].name.capitalize %></strong></em></p>
<% elsif result.winner? and result.winners.length > 1 %>
  <p><em>There was a tie. The winners are: <strong><%=h( result.winners.collect {|w| @candidates[w].to_s.capitalize}.join(", ") )%></strong></em></p>
<% else %>
  <p><em>There is no winner using this method. </em></strong></p>
<% end %>