# store the candidate grabbed through ajax and stored in flash
@quickvote.candidatelist = flash[:candlist]
-
+ @quickvote.description=CGI.escapeHTML(@quickvote.description)
# try to save, if it fails, show the page again (the flash should
# still be intact
if @quickvote.save