<% %>
<% if result.winner? and result.winners.length == 1%>
<p><em>The winner is:
- <strong><%= @candidates[result.winner].name.capitalize %></strong></em></p>
+ <strong><%=h @candidates[result.winner].name.capitalize %></strong></em></p>
<% elsif result.winner? and result.winners.length > 1 %>
- <p><em>There was a tie. The winners are: <strong><%=
- result.winners.collect {|w| @candidates[w].to_s.capitalize}.join(", ") %></strong></em></p>
+ <p><em>There was a tie. The winners are: <strong><%=h( result.winners.collect {|w| @candidates[w].to_s.capitalize}.join(", ") )%></strong></em></p>
<% else %>
<p><em>There is no winner using this method. </em></strong></p>
<% end %>