The blog was previously vulnerable to XSS (cross site scripting) & SQL Injection.
These problems were corrected by:
- updating to Rails 4.0.3
- whitelisting input parameters
- sanantizing model level where() search with "like ?'
#Brakeman Gem output
#Credit Forked from Ivan Storck
#License MIT License