17 files changed, 24 insertions, 23 deletions

diff --git a/app/views/admin_request/hidden_user_explanation.rhtml b/app/views/admin_request/hidden_user_explanation.rhtml
index 64387ffee..7084e986f 100644
--- a/app/views/admin_request/hidden_user_explanation.rhtml
+++ b/app/views/admin_request/hidden_user_explanation.rhtml
@@ -1,9 +1,10 @@
 Dear <%= name_to %>,
 
-Your request '<%= info_request.title %>' at <%= info_request_url %> has been reviewed by moderators.  
+Your request '<%= info_request.title.html_safe %>' at <%= info_request_url %> has been reviewed by moderators.
 
 We consider it <% if reason == 'not_foi' %>is not a valid FOI request<% else %>to be vexatious<% end%>, and have therefore hidden it from other users. You will still be able to view it while logged in to the site. Please reply to this email if you would like to discuss this decision further.
 
 Yours,
 
 The <%= site_name %> team.
+
diff --git a/app/views/contact_mailer/from_admin_message.rhtml b/app/views/contact_mailer/from_admin_message.rhtml
index bdb48d580..4169d8d3a 100644
--- a/app/views/contact_mailer/from_admin_message.rhtml
+++ b/app/views/contact_mailer/from_admin_message.rhtml
@@ -1,2 +1,2 @@
-<%= @message.strip %>
+<%= raw @message %>
 
diff --git a/app/views/contact_mailer/to_admin_message.rhtml b/app/views/contact_mailer/to_admin_message.rhtml
index 9c0a74c02..8c56779fd 100644
--- a/app/views/contact_mailer/to_admin_message.rhtml
+++ b/app/views/contact_mailer/to_admin_message.rhtml
@@ -1,4 +1,4 @@
-<%= @message.strip %>
+<%= raw @message.strip %>
 
 ---------------------------------------------------------------------
 <%= _('Message sent using {{site_name}} contact form, ', :site_name=>site_name)%>
diff --git a/app/views/contact_mailer/user_message.rhtml b/app/views/contact_mailer/user_message.rhtml
index b1d6e81ae..afa1494db 100644
--- a/app/views/contact_mailer/user_message.rhtml
+++ b/app/views/contact_mailer/user_message.rhtml
@@ -5,7 +5,7 @@
 learn your email address. Only reply if that is okay.', :user_name => @from_user.name) %>
 ---------------------------------------------------------------------
 
-<%= @message.strip %>
+<%= raw @message.strip %>
 
 ---------------------------------------------------------------------
 <%= _('View Freedom of Information requests made by {{user_name}}:', :user_name=>@from_user.name)%> 
diff --git a/app/views/outgoing_mailer/followup.rhtml b/app/views/outgoing_mailer/followup.rhtml
index 7050a295b..049ebc881 100644
--- a/app/views/outgoing_mailer/followup.rhtml
+++ b/app/views/outgoing_mailer/followup.rhtml
@@ -1,6 +1,6 @@
-<%= @outgoing_message.body.strip %>
+<%= raw @outgoing_message.body.strip %>
 
-<%= @outgoing_message.quoted_part_to_append_to_email.strip %>
+<%= raw @outgoing_message.quoted_part_to_append_to_email.strip %>
 
 -------------------------------------------------------------------
 <%= _('Please use this email address for all replies to this request:')%>
diff --git a/app/views/outgoing_mailer/initial_request.rhtml b/app/views/outgoing_mailer/initial_request.rhtml
index d537a20bc..5c418ecc7 100644
--- a/app/views/outgoing_mailer/initial_request.rhtml
+++ b/app/views/outgoing_mailer/initial_request.rhtml
@@ -1,4 +1,4 @@
-<%= @outgoing_message.body.strip %>
+<%= raw @outgoing_message.body.strip %>
 
 -------------------------------------------------------------------
 
diff --git a/app/views/request_game/play.rhtml b/app/views/request_game/play.rhtml
index eedf19ca2..3bd23e306 100644
--- a/app/views/request_game/play.rhtml
+++ b/app/views/request_game/play.rhtml
@@ -11,7 +11,7 @@
         <tr>
             <td> <%= c += 1 %>. <td>
             <td> <%= user_link(classifications.user) %> </td>
-            <td> <%=pluralize(classifications.cnt, 'request').gsub(" ", "&nbsp;")%> </td>
+            <td> <%=pluralize(classifications.cnt, 'request').gsub(" ", "&nbsp;").html_safe %> </td>
         </tr>
     <% end %>
     </table>
@@ -22,7 +22,7 @@
         <tr>
             <td> <%= c += 1 %>. <td>
             <td> <%= user_link(classifications.user) %> </td>
-            <td> <%= pluralize(classifications.cnt, 'request').gsub(" ", "&nbsp;")%> </td>
+            <td> <%= pluralize(classifications.cnt, 'request').gsub(" ", "&nbsp;").html_safe %> </td>
         </tr>
     <% end %>
     </table>
diff --git a/app/views/request_mailer/external_response.rhtml b/app/views/request_mailer/external_response.rhtml
index e9858f03f..896054a43 100644
--- a/app/views/request_mailer/external_response.rhtml
+++ b/app/views/request_mailer/external_response.rhtml
@@ -1 +1 @@
-<%=@body%>
+<%= raw @body %>
diff --git a/app/views/request_mailer/fake_response.rhtml b/app/views/request_mailer/fake_response.rhtml
index e9858f03f..896054a43 100644
--- a/app/views/request_mailer/fake_response.rhtml
+++ b/app/views/request_mailer/fake_response.rhtml
@@ -1 +1 @@
-<%=@body%>
+<%= raw @body %>
diff --git a/app/views/request_mailer/new_response.rhtml b/app/views/request_mailer/new_response.rhtml
index 083f873b4..672212f20 100644
--- a/app/views/request_mailer/new_response.rhtml
+++ b/app/views/request_mailer/new_response.rhtml
@@ -1,6 +1,6 @@
 <%= _('You have a new response to the {{law_used_full}} request ',:law_used_full=>@info_request.law_used_full)%>
-'<%= @info_request.title %>' <%=_('that you made to')%> 
-<%= @info_request.public_body.name %>. 
+'<%= raw @info_request.title %>' <%=_('that you made to')%> 
+<%= raw @info_request.public_body.name %>. 
 
 <%= _('To view the response, click on the link below.')%>
 
diff --git a/app/views/request_mailer/new_response_reminder_alert.rhtml b/app/views/request_mailer/new_response_reminder_alert.rhtml
index 86fc71de7..c196dafe6 100644
--- a/app/views/request_mailer/new_response_reminder_alert.rhtml
+++ b/app/views/request_mailer/new_response_reminder_alert.rhtml
@@ -3,7 +3,7 @@
 <%=@url%>
 
 <%= _('Your request was called {{info_request}}. Letting everyone know whether you got the information will help us keep tabs on',:info_request=>@info_request.title)%>
-<%= @info_request.public_body.name %>.
+<%= raw @info_request.public_body.name %>.
 
 -- <%= _('the {{site_name}} team', :site_name=>site_name) %>
 
diff --git a/app/views/request_mailer/overdue_alert.rhtml b/app/views/request_mailer/overdue_alert.rhtml
index b8a9ba525..249bf6bb8 100644
--- a/app/views/request_mailer/overdue_alert.rhtml
+++ b/app/views/request_mailer/overdue_alert.rhtml
@@ -1,4 +1,4 @@
-<%= @info_request.public_body.name %> <%= _('have delayed.')%>
+<%= raw @info_request.public_body.name %> <%= _('have delayed.')%>
 
 <%= _('They have not replied to your {{law_used_short}} request {{title}} promptly, as normally required by law',:law_used_short=>@info_request.law_used_short,:title=>@info_request.title)%><% if @info_request.public_body.is_school? %> <%=_('during term time')%> <% end %>.
 
diff --git a/app/views/request_mailer/requires_admin.rhtml b/app/views/request_mailer/requires_admin.rhtml
index 06a798792..e7ab53c59 100644
--- a/app/views/request_mailer/requires_admin.rhtml
+++ b/app/views/request_mailer/requires_admin.rhtml
@@ -1,9 +1,9 @@
 ---------------------------------------------------------------------
-<%=@reported_by.name%> <%= _('has reported an')%> <%=@info_request.law_used_short%>
+<%= raw @reported_by.name %> <%= _('has reported an')%> <%= raw @info_request.law_used_short %>
 <%= _('response as needing administrator attention. Take a look, and reply to this
 email to let them know what you are going to do about it.')%>
 
-Request '<%=@info_request.title%>':
+Request '<%= raw @info_request.title %>':
 <%= @url %>
 
 <%= _('Administration URL:') %> 
diff --git a/app/views/request_mailer/very_overdue_alert.rhtml b/app/views/request_mailer/very_overdue_alert.rhtml
index 6abd198a0..80597473c 100644
--- a/app/views/request_mailer/very_overdue_alert.rhtml
+++ b/app/views/request_mailer/very_overdue_alert.rhtml
@@ -1,4 +1,4 @@
-<%= @info_request.public_body.name %> <%= _('are long overdue.')%>
+<%= raw @info_request.public_body.name %> <%= _('are long overdue.')%>
 
 <%= _('They have not replied to your {{law_used_short}} request {{title}}, 
 as required by law',:law_used_short=>@info_request.law_used_short,:title=>@info_request.title)%><% if @info_request.public_body.is_school? %> <%= _('even during holidays')%><% end %>.
diff --git a/app/views/user_mailer/already_registered.rhtml b/app/views/user_mailer/already_registered.rhtml
index 59ffcbf94..32c2c7e63 100644
--- a/app/views/user_mailer/already_registered.rhtml
+++ b/app/views/user_mailer/already_registered.rhtml
@@ -1,10 +1,10 @@
-<%= @name %>,
+<%= raw @name %>,
 
 <%= _('You just tried to sign up to {{site_name}}, when you
 already have an account. Your name and password have been
 left as they previously were.
 
-Please click on the link below.', :site_name=>site_name)%> <%=@reasons[:email]%> 
+Please click on the link below.', :site_name=>site_name)%> <%=raw @reasons[:email] %> 
 
 <%=@url%>
 
diff --git a/app/views/user_mailer/changeemail_confirm.rhtml b/app/views/user_mailer/changeemail_confirm.rhtml
index ffb9737f7..c73e9486b 100644
--- a/app/views/user_mailer/changeemail_confirm.rhtml
+++ b/app/views/user_mailer/changeemail_confirm.rhtml
@@ -1,4 +1,4 @@
-<%= @name %>,
+<%= raw @name %>,
 
 <%= _('Please click on the link below to confirm that you want to 
 change the email address that you use for {{site_name}}
diff --git a/app/views/user_mailer/confirm_login.rhtml b/app/views/user_mailer/confirm_login.rhtml
index 6f4feff00..fa86dc2b1 100644
--- a/app/views/user_mailer/confirm_login.rhtml
+++ b/app/views/user_mailer/confirm_login.rhtml
@@ -1,7 +1,7 @@
-<%= @name %>,
+<%= raw @name %>,
 
 <%= _('Please click on the link below to confirm your email address.')%>
-<%=@reasons[:email]%> 
+<%= raw @reasons[:email] %> 
 
 <%=@url%>