Add a bunch of fixes to HTML escaping, and a test case for it
[selectricity-live] / app / views / quickvote / _victories_ties.rhtml
index 7c3506a820f3d9037762b902e4f1a78f3692bbbd..993caa8f40280c65d460fc953283395198665a73 100644 (file)
@@ -4,9 +4,9 @@
 <table class="voterbox">
   <% victories.keys.each do |victor| %>
   <tr>
-    <th><%= names[victor] %></th>
+    <th><%=h names[victor] %></th>
        <% victories[victor].keys.each do |loser| %>
-       <td><%= names[loser] %> (<%= victories[victor][loser] %>)</td>
+       <td><%=h names[loser] %> (<%= victories[victor][loser] %>)</td>
        <% end -%>
   </tr>
   <% end -%>
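Review bot: The count in the `<td>` line is still emitted raw: `(<%= victories[victor][loser] %>)` sits next to the newly escaped name but keeps plain `<%= %>`. If that value is always an integer produced by the tally code it cannot carry markup, but nothing in this hunk shows that. Either write `(<%=h victories[victor][loser] %>)` so every output in the row is escaped the same way, or add a template comment such as `<%# victories[victor][loser] is an integer count, safe to emit unescaped %>`. The partial starts and ends outside this hunk, so any other `<%= %>` that prints candidate names there needs the same check.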
