| side by side (parent:
a7d8700
)
Do some HTML escaping on election and candidate names
author
John Dong
<jdong@mit.edu>
Wed, 29 Aug 2007 21:26:14 +0000
(17:26 -0400)
committer
John Dong
<jdong@mit.edu>
Wed, 29 Aug 2007 21:26:14 +0000
(17:26 -0400)
app/views/election/_candidate_line.rhtml
app/views/election/_candidate_line_edit.rhtml
app/views/election/_winner.rhtml
app/views/election/_winner_details.rhtml
app/views/election/edit.rhtml
app/views/election/edit_candidate.rhtml
app/views/election/list.rhtml
app/views/election/new_voters.rhtml
diff --git
a/app/views/election/_candidate_line.rhtml
b/app/views/election/_candidate_line.rhtml
index 5145b88878e78add5767e0890644ac76b94cbaad..870a2de03d6bb977c9776abd745f7bd66c671d2a 100644
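--- a/app/views/election/_candidate_line.rhtml
+++ b/app/views/election/_candidate_line.rhtml
@@ -1,6 +1,6 @@
 <% -%>
 <div id="cand<%= @current_candidate.id %>">
- <li><%= @current_candidate.name -%>
+ <li><%= h @current_candidate.name -%>
 <% if @show_details %>
 (<%= link_to_remote "Hide Details",
 :update => "cand#{@current_candidate.id}",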
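Review bot: Escaping is applied here one output site at a time, so any `<%= ... %>` of a user-supplied field that this commit does not touch will still render raw; the need for an explicit `h` suggests these `.rhtml` templates do no automatic escaping. Before treating election and candidate names as covered, it would be worth searching the remaining views for `<%=` outputs of `.name` and `.description` that lack `h`. The `id="cand<%= @current_candidate.id %>"` attribute on the line above stays unescaped, which is fine only while `id` is the numeric primary key. The partial continues past the end of this hunk.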
diff --git
a/app/views/election/_candidate_line_edit.rhtml
b/app/views/election/_candidate_line_edit.rhtml
index 78f8580655b79453930bcdf8638fcb18fed840c3..61a9f6324cde461485f414975bd5f7cfdbd29783 100644
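--- a/app/views/election/_candidate_line_edit.rhtml
+++ b/app/views/election/_candidate_line_edit.rhtml
@@ -1,6 +1,6 @@
 <% -%>
 <div id="cand<%= @current_candidate.id %>">
-<p><strong><%= @current_candidate.name %></strong>
+<p><strong><%= h @current_candidate.name %></strong>
 (<%= link_to_remote "Delete",
 :complete => "Element.remove('cand#{@current_candidate.id}')",
 :url => { :action => :delete_candidate,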
diff --git
a/app/views/election/_winner.rhtml
b/app/views/election/_winner.rhtml
index 531e0d2bf9d23161d6a299fbf91183493282a6db..0e55aa22e22796c5bebb010f05d69929a17e616e 100644
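--- a/app/views/election/_winner.rhtml
+++ b/app/views/election/_winner.rhtml
@@ -6,7 +6,7 @@
 <ul>
 <% for candidate in @winners %>
- <li><%= @candidates_by_id[candidate].name %></li>
+ <li><%= h @candidates_by_id[candidate].name %></li>
 <% end %>
 </ul>
@@ -14,7 +14,7 @@
 <% winner = @winners[0] %>
 <p>The winner of the election was:
- <strong><%= @candidates_by_id[winner].name %></strong>
+ <strong><%= h @candidates_by_id[winner].name %></strong>
 </p>
 <% end %>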
diff --git
a/app/views/election/_winner_details.rhtml
b/app/views/election/_winner_details.rhtml
index 0903952eb6e386b3368d4e29effa911c9504580b..36877ae4c7fd1163bb245d66b3cec4fff756d482 100644
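--- a/app/views/election/_winner_details.rhtml
+++ b/app/views/election/_winner_details.rhtml
@@ -6,12 +6,12 @@ preferred to any other candidates is listed here:</p>
 <tr>
 <th></th>
 <% for candidate in @election.candidates.sort %>
- <th><%= candidate.name %></th>
+ <th><%= h candidate.name %></th>
 <% end %>
 </tr>
 <% for cand1 in @election.candidates.sort %>
 <tr>
- <th><%= cand1.name %></th>
+ <th><%= h cand1.name %></th>
 <% for cand2 in @election.candidates.sort %>
 <td>
 <% if cand1 == cand2 %>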
diff --git
a/app/views/election/edit.rhtml
b/app/views/election/edit.rhtml
index 968d1575124c730204089cc2a17e7b5ef094f280..40aaad28d51b510674231ae236a77959967600ed 100644
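--- a/app/views/election/edit.rhtml
+++ b/app/views/election/edit.rhtml
@@ -1,4 +1,4 @@
-<h1><strong><%= @election.name %>:</strong> Edit Overview</h1>
+<h1><strong><%= h @election.name %>:</strong> Edit Overview</h1>
 <% form_tag(:action => 'update', :id => @election) do %>
 <%= render :partial => 'overview_form' %>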
diff --git
a/app/views/election/edit_candidate.rhtml
b/app/views/election/edit_candidate.rhtml
index fe56aa08c37f3d20d8c33f03da7c2cef4442f181..7e1dd65704cd3ef9b33d7d59dd6be8ae36419587 100644
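--- a/app/views/election/edit_candidate.rhtml
+++ b/app/views/election/edit_candidate.rhtml
@@ -1,4 +1,4 @@
-<h1>Editing <%= @candidate.name %></h1>
+<h1>Editing <%= h @candidate.name %></h1>
 <%= error_messages_for :candidate %>
 <% form_tag( { :action => :update_candidate, :id => @candidate.id },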
diff --git
a/app/views/election/list.rhtml
b/app/views/election/list.rhtml
index 83be6c6c28671bf728c27ce8e36b628cfa2a1734..321bf4630dad225b88b59ef3630b9b50fa6be5cb 100644
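--- a/app/views/election/list.rhtml
+++ b/app/views/election/list.rhtml
@@ -5,9 +5,9 @@
 <% for election in @elections %>
 <tr>
- <td valign="top"><h2><%= link_to election.name, :action => 'show', :id => election %></h2>
+ <td valign="top"><h2><%= h link_to election.name, :action => 'show', :id => election %></h2>
 <p><strong>Description:</strong></p>
- <blockquote><%= election.description %></blockquote>
+ <blockquote><%= h election.description %></blockquote>
 <p><strong>Election Information:</strong></p>
 <ul>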
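Review bot: In the `<h2>` line, `h link_to election.name, ...` parses as `h(link_to(...))`, so the escaping is applied to the whole generated anchor tag rather than to the election name. The page will presumably show the anchor markup as literal text instead of a working link to the election. The escape belongs on the label only: `<%= link_to h(election.name), :action => 'show', :id => election %>`. The `h election.description` change in the same hunk targets the right value. The enclosing `for election in @elections` loop continues past the end of the hunk.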
diff --git
a/app/views/election/new_voters.rhtml
b/app/views/election/new_voters.rhtml
index d1f0fab8adafc5f59be7bb0b67c47fb046c943bc..5f064462f3c8ceed2e28b27bd7c8befd14ea7b1d 100644
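--- a/app/views/election/new_voters.rhtml
+++ b/app/views/election/new_voters.rhtml
@@ -1,5 +1,5 @@
 <% @edit = true %>
-<h1><strong><%= @election.name %>:</strong> Enter List of Voter Email Addresses</h1>
+<h1><strong><%= h @election.name %>:</strong> Enter List of Voter Email Addresses</h1>
 <%= render :partial => 'voter_list' %>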