projects / selectricity-live / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Do some HTML escaping on election and candidate names
[selectricity-live] / app / views / election / _winner_details.rhtml
diff --git a/app/views/election/_winner_details.rhtml b/app/views/election/_winner_details.rhtml
index 0903952eb6e386b3368d4e29effa911c9504580b..36877ae4c7fd1163bb245d66b3cec4fff756d482 100644 (file)
--- a/app/views/election/_winner_details.rhtml
+++ b/app/views/election/_winner_details.rhtml
@@ -6,12 +6,12 @@ preferred to any other candidates is listed here:</p>
 <tr>
 <th></th>
 <% for candidate in @election.candidates.sort %>
-  <th><%= candidate.name %></th>
+  <th><%=h candidate.name %></th>
 <% end %>
 </tr>
 <% for cand1 in @election.candidates.sort %>
   <tr>
-  <th><%= cand1.name %></th>
+  <th><%=h cand1.name %></th>
   <% for cand2 in @election.candidates.sort %>
     <td>
     <% if cand1 == cand2 %>
Voting machinery for the masses!

Benjamin Mako Hill || Want to submit a patch?