]> projects.mako.cc - selectricity-live/blobdiff - app/views/election/list.rhtml
Do some HTML escaping on election and candidate names
[selectricity-live] / app / views / election / list.rhtml
old mode 100755 (executable)
new mode 100644 (file)
index 83be6c6..321bf46
@@ -5,9 +5,9 @@
 
 <% for election in @elections %>
   <tr>
-    <td valign="top"><h2><%= link_to election.name, :action => 'show', :id => election %></h2>
+    <td valign="top"><h2><%=h link_to election.name, :action => 'show', :id => election %></h2>
         <p><strong>Description:</strong></p>
-       <blockquote><%= election.description %></blockquote>
+       <blockquote><%=h election.description %></blockquote>
        
         <p><strong>Election Information:</strong></p>
        <ul>

Benjamin Mako Hill || Want to submit a patch?