projects
/
selectricity-live
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Add a bunch of fixes to HTML escaping, and a test case for it
[selectricity-live]
/
app
/
views
/
quickvote
/
_victories_ties.rhtml
diff --git
a/app/views/quickvote/_victories_ties.rhtml
b/app/views/quickvote/_victories_ties.rhtml
index 7c3506a820f3d9037762b902e4f1a78f3692bbbd..993caa8f40280c65d460fc953283395198665a73 100644
(file)
--- a/
app/views/quickvote/_victories_ties.rhtml
+++ b/
app/views/quickvote/_victories_ties.rhtml
@@
-4,9
+4,9
@@
<table class="voterbox">
<% victories.keys.each do |victor| %>
<tr>
<table class="voterbox">
<% victories.keys.each do |victor| %>
<tr>
- <th><%= names[victor] %></th>
+ <th><%=
h
names[victor] %></th>
<% victories[victor].keys.each do |loser| %>
<% victories[victor].keys.each do |loser| %>
- <td><%= names[loser] %> (<%= victories[victor][loser] %>)</td>
+ <td><%=
h
names[loser] %> (<%= victories[victor][loser] %>)</td>
<% end -%>
</tr>
<% end -%>
<% end -%>
</tr>
<% end -%>
Benjamin Mako Hill
||
Want to submit a patch?