diff --git a/foundation.gnome.org/vote/blt.wml b/foundation.gnome.org/vote/blt.wml
index 4cc3ce9..39a9682 100644
--- a/foundation.gnome.org/vote/blt.wml
+++ b/foundation.gnome.org/vote/blt.wml
@@ -50,7 +50,7 @@ if ($display && $election_id >= 0) {
$error .= "The specified election/referendum does not exist.\n";
$display = FALSE;
} else if (!elec_election_has_ended ($election)) {
- $error .= "The voting period for the specified ".elec_election_get_type ($election)." starts on ".$election["voting_start"]." (UTC) and ends on ".$election["voting_end"]." (UTC). It is not possible to see the results now.\n";
+ $error .= "The voting period for the specified ".htmlspecialchars(elec_election_get_type ($election))." starts on ".htmlspecialchars($election["voting_start"])." (UTC) and ends on ".htmlspecialchars($election["voting_end"])." (UTC). It is not possible to see the results now.\n";
$display = FALSE;
}
}
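Review bot: The `htmlspecialchars()` calls added on this line rely on the default flags and charset; on the PHP versions that still provide `mysql_error()` (used in step4-commit.php in this same patch) the default is `ENT_COMPAT`, so single quotes pass through unescaped. That is enough only while `$error` is printed as element content, and where it is emitted is outside this hunk, so I would make the context explicit with `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` (charset to be confirmed against the page encoding), ideally through one small helper. The same applies to every `htmlspecialchars()` call added in the other hunks of this patch. Because escaping happens at each append rather than at the output sink, a future `$error .=` that forgets the call reopens the hole; a comment above the first append such as `// $error holds HTML: escape every dynamic value before appending` would document that contract.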
@@ -59,7 +59,7 @@ if ($display && $election_id >= 0) {
if ($display) {
$choices = elec_choices_get ($handle, $election_id);
if ($choices === FALSE) {
- $error .= "The ".elec_election_get_type ($election)." is not properly set up.\n";
+ $error .= "The ".htmlspecialchars(elec_election_get_type ($election))." is not properly set up.\n";
$display = FALSE;
}
}
@@ -73,7 +73,7 @@ if (isset ($election) && $election !== FALSE) {
if ($display) {
$anon_tokens = elec_get_anon_tokens_for_election ($handle, $election_id);
if ($anon_tokens === FALSE) {
- $error .= "Can not get the anonymous tokens for this ".elec_election_get_type ($election).".\n";
+ $error .= "Can not get the anonymous tokens for this ".htmlspecialchars(elec_election_get_type ($election)).".\n";
$display = FALSE;
}
}
@@ -93,7 +93,7 @@ if ($display) {
$votes = elec_get_votes_for_anon_token ($handle, $anon_token["id"]);
if ($votes === FALSE) {
echo "1 999 0\n";
- $error .= "Can not get votes for anonymous token ".$anon_token["anon_token"]."\n";
+ $error .= "Can not get votes for anonymous token ".htmlspecialchars($anon_token["anon_token"])."\n";
} else if (count ($votes) == 0) {
echo "1 0\n";
} else {
@@ -103,7 +103,7 @@ if ($display) {
echo $choices_pos[$vote["choice_id"]]." ";
else {
echo "999 ";
- $error .= "There was an unkown vote for anonymous token ".$anon_token["anon_token"].": ".$vote["choice_id"]."\n";
+ $error .= "There was an unkown vote for anonymous token ".htmlspecialchars($anon_token["anon_token"]).": ".htmlspecialchars($vote["choice_id"])."\n";
}
}
echo "0\n";
diff --git a/foundation.gnome.org/vote/include/step4-commit.php b/foundation.gnome.org/vote/include/step4-commit.php
index 208616e..2532fbe 100644
--- a/foundation.gnome.org/vote/include/step4-commit.php
+++ b/foundation.gnome.org/vote/include/step4-commit.php
@@ -58,7 +58,7 @@ function step4_do () {
} while ($anon_token_id === FALSE && $i < 10);
if ($anon_token_id === FALSE) {
- $error .= "Can not create an anonymous token: ".mysql_error ($handle)."
\n";
+ $error .= "Can not create an anonymous token: ".htmlspecialchars(mysql_error ($handle))."
\n";
elec_sql_rollback ($handle);
return $result;
}
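Review bot: The message built here still returns the raw `mysql_error ($handle)` text to the voter; escaping removes the markup risk, but the driver error can expose table, column or query details to anyone who can trigger the failure. I would record it server-side with `error_log("vote step4: ".mysql_error ($handle));` and drop `.htmlspecialchars(mysql_error ($handle))` from the appended string so the page shows only the fixed text. The same pattern appears in the three other `mysql_error()` appends in this file (insert a vote, remove temporary token, commit the vote). `step4_do()` begins and ends outside this hunk.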
@@ -71,7 +71,7 @@ function step4_do () {
$res = elec_insert_new_vote ($handle, $anon_token_id, $vote, $index);
if (!$res) {
- $error .= "Can not insert a vote: ".mysql_error ($handle)."
\n";
+ $error .= "Can not insert a vote: ".htmlspecialchars(mysql_error ($handle))."
\n";
elec_sql_rollback ($handle);
return $result;
}
@@ -81,14 +81,14 @@ function step4_do () {
$res = elec_sql_remove_tmp_token ($handle, $election_id, $email, $tmp_token);
if (!$res) {
- $error .= "Can not remove temporary token: ".mysql_error ($handle)."
\n";
+ $error .= "Can not remove temporary token: ".htmlspecialchars(mysql_error ($handle))."
\n";
elec_sql_rollback ($handle);
return $result;
}
$res = elec_sql_commit ($handle);
if (!$res) {
- $error .= "Can not commit the vote: ".mysql_error ($handle)."
\n";
+ $error .= "Can not commit the vote: ".htmlspecialchars(mysql_error ($handle))."
\n";
return $result;
}
diff --git a/foundation.gnome.org/vote/results.wml b/foundation.gnome.org/vote/results.wml
index 200a21b..b17bbb4 100644
--- a/foundation.gnome.org/vote/results.wml
+++ b/foundation.gnome.org/vote/results.wml
@@ -35,7 +35,7 @@ if ($display && $election_id >= 0) {
$error .= "The specified election/referendum does not exist.
\n";
$display = FALSE;
} else if (!elec_election_has_ended ($election)) {
- $error .= "The voting period for the specified ".elec_election_get_type ($election)." starts on ".$election["voting_start"]." (UTC) and ends on ".$election["voting_end"]." (UTC). It is not possible to see the results now.
\n";
+ $error .= "The voting period for the specified ".htmlspecialchars(elec_election_get_type ($election))." starts on ".htmlspecialchars($election["voting_start"])." (UTC) and ends on ".htmlspecialchars($election["voting_end"])." (UTC). It is not possible to see the results now.
\n";
$display = FALSE;
}
else
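Review bot: This "voting period" message is the same string that blt.wml builds in its first hunk, and the three `htmlspecialchars()` calls are now duplicated by hand in both files. A shared helper under include/ that returns the already-escaped text would keep the escaping in one place, so the two pages cannot drift apart when one is edited later. The `else` branch that follows continues outside this hunk.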
@@ -49,7 +49,7 @@ if (isset ($election) && $election !== FALSE) {
{
echo "
In the meantime, you can look at the list of all votes and verify that your vote is correct.
\n"; $display = FALSE; } @@ -64,7 +64,7 @@ if ($display) { } if (isset ($error) && $error != "") { - echo "If you don't understand the error, you should probably contact the Membership and Elections Committee, which can be reached at elections@gnome.org.
\n"; } diff --git a/foundation.gnome.org/vote/vote.wml b/foundation.gnome.org/vote/vote.wml index ae119a7..06166af 100644 --- a/foundation.gnome.org/vote/vote.wml +++ b/foundation.gnome.org/vote/vote.wml @@ -43,7 +43,7 @@ if ($election_id == -1) { $error .= "The specified election/referendum does not exist.If you don't understand the error, you should probably contact the Membership and Elections Committee, which can be reached at elections@gnome.org.
\n"; } diff --git a/foundation.gnome.org/vote/votes.wml b/foundation.gnome.org/vote/votes.wml index 60e6376..4107726 100644 --- a/foundation.gnome.org/vote/votes.wml +++ b/foundation.gnome.org/vote/votes.wml @@ -35,7 +35,7 @@ if ($display && $election_id >= 0) { $error .= "The specified election/referendum does not exist.If you don't understand the error, you should probably contact the Membership and Elections Committee, which can be reached at elections@gnome.org.
\n"; }