<ul>
<% for candidate in @winners %>
- <li><%= @candidates_by_id[candidate].name %></li>
+ <li><%=h @candidates_by_id[candidate].name %></li>
<% end %>
</ul>
<% winner = @winners[0] %>
<p>The winner of the election was:
- <strong><%= @candidates_by_id[winner].name %></strong>
+ <strong><%=h @candidates_by_id[winner].name %></strong>
</p>
<% end %>