Add a bunch of fixes to HTML escaping, and a test case for it
[selectricity-live] / app / views / quickvote / _pref_table.rhtml
index 4576a0fafb8e7971af4499ba88b9501bacb1a2aa..1d3cdf37b29706c7be45c654ccf05000be20caef 100644 (file)
@@ -9,17 +9,17 @@
   <tr>
        <td> </td>
        <% candidates.each do |candidate| -%>
-         <th><%= names[candidate] -%></th>
+         <th><%=h names[candidate] -%></th>
        <% end -%>
 <% candidates.each do |winner| -%>
   <tr>
-       <th><%= names[winner] %></th>
+       <th><%=h names[winner] %></th>
   <% candidates.each do |loser| -%> 
     <% if winner == loser -%>
       <td> -- </td>
     <% else %>         
       <td><% wins = @election.condorcet_result.matrix[winner][loser]%>
-          <%= wins %>
+          <%=h wins %>
              <%= sparkline_tag [(wins.to_f/voters.to_f)*100.0], :type => 'pie', 
                                 :diameter => 25, :share_color => '#74ce00' %>
          </td>
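Review bot: The share passed to `sparkline_tag` on the line after the newly escaped `<%=h wins %>` is `(wins.to_f/voters.to_f)*100.0` with no guard for `voters` being zero; Ruby float division does not raise, so an election with no voters hands the helper `NaN` (0.0/0.0) or `Infinity` rather than a percentage, unless the partial is never rendered in that state. A one-line guard keeps the pie well-defined: `<%= sparkline_tag [voters.to_i.zero? ? 0.0 : (wins.to_f/voters.to_f)*100.0], :type => 'pie',`. The `h` calls themselves are the right fix for the candidate names in text context; note that `h` escapes `wins` as well, which is harmless for a count but only matters if the matrix can hold non-numeric values. Minor style point: the added `<%=h names[candidate] -%>` uses the trimming `-%>` while `<%=h names[winner] %>` does not, so the two header rows will differ in emitted whitespace.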
