projects / selectricity-live / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Do some HTML escaping on election and candidate names
[selectricity-live] / app / views / election / list.rhtml
diff --git a/app/views/election/list.rhtml b/app/views/election/list.rhtml
index 83be6c6c28671bf728c27ce8e36b628cfa2a1734..321bf4630dad225b88b59ef3630b9b50fa6be5cb 100644 (file)
--- a/app/views/election/list.rhtml
+++ b/app/views/election/list.rhtml
@@ -5,9 +5,9 @@
 
 <% for election in @elections %>
   <tr>
-    <td valign="top"><h2><%= link_to election.name, :action => 'show', :id => election %></h2>
+    <td valign="top"><h2><%=h link_to election.name, :action => 'show', :id => election %></h2>
         <p><strong>Description:</strong></p>
-       <blockquote><%= election.description %></blockquote>
+       <blockquote><%=h election.description %></blockquote>
        
         <p><strong>Election Information:</strong></p>
        <ul>
Voting machinery for the masses!

Benjamin Mako Hill || Want to submit a patch?