Add a bunch of fixes to HTML escaping, and a test case for it

[selectricity-live] / app / views / site / index.rhtml

diff --git a/app/views/site/index.rhtml b/app/views/site/index.rhtml
index 0d59849a6997d2c621454e2491cca25284e3ed82..1b994b0e16ebf84e29e1b7df89c1c9298cb81e44 100644 (file)
--- a/app/views/site/index.rhtml
+++ b/app/views/site/index.rhtml
@@ -17,7 +17,7 @@ methods.</p>
 
 <ul>
 <% for quickvote in @quickvotes %>
-<li><%= link_to (quickvote.shortdesc || "Unnamed"), quickvote_url(:ident => quickvote.name) %></li>
+<li><%= link_to (h(quickvote.shortdesc) || "Unnamed"), quickvote_url(:ident => quickvote.name) %></li>
 <% end %>
 </ul>