I’ve used this super basic Rails app to explain the need to sanitize your params in your Rails application.
* What params are in a web application.
* How they are typically sent to the server.
* How a client controls which params are sent to the server.
* What strong params does to whitelist the params a client can use in a form.
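The last two points, shown as an added example that is not part of the original post or its demo app: a plain-Ruby stand-in for Rails' `params.require(:user).permit(:name, :email)` (the real API is `ActionController::Parameters#require`/`#permit`; the `require_key`/`permit` helpers, the `User` struct and the sample request are all constructed here so it runs without Rails). The client has added an `admin` key the form never contained; the unfiltered path mass-assigns it, the whitelisted path drops it.

```ruby
# Added example, not from the original post. Plain-Ruby stand-in for Rails'
# ActionController::Parameters#require / #permit so it runs without Rails.
# Keys arrive as strings, the way Rack decodes a form body.

class ParameterMissing < StandardError; end

# Constructed sample request: the client chose every key here, including
# "admin", which the sign-up form never rendered.
CLIENT_PARAMS = {
  "user" => { "name" => "alice", "email" => "alice@example.com", "admin" => "true" },
  "authenticity_token" => "abc123"
}.freeze

# require: the top-level key must be present, otherwise it is a bad request.
def require_key(params, key)
  value = params[key.to_s]
  raise ParameterMissing, "param is missing: #{key}" if value.nil? || value.empty?
  value
end

# permit: keep only the whitelisted keys; anything else the client sent is
# dropped. Returns symbol keys, like the hash handed to a model.
def permit(params, *allowed)
  allowed_names = allowed.map(&:to_s)
  params.select { |k, _| allowed_names.include?(k) }
        .transform_keys(&:to_sym)
end

User = Struct.new(:name, :email, :admin, keyword_init: true)

# Unfiltered: the client-supplied hash is mass-assigned untouched, so the
# client-controlled "admin" key lands on the model.
def build_user_unsafe(params)
  User.new(**require_key(params, :user).transform_keys(&:to_sym))
end

# Whitelisted: only :name and :email can ever reach the model, whatever the
# client added to the request body.
def build_user_safe(params)
  attrs = permit(require_key(params, :user), :name, :email)
  User.new(**attrs)
end

if __FILE__ == $PROGRAM_NAME
  p build_user_unsafe(CLIENT_PARAMS).admin # => "true"
  p build_user_safe(CLIENT_PARAMS).admin   # => nil
end
```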