Diffstat (limited to 'railties/guides/source/security.textile')
-rw-r--r-- railties/guides/source/security.textile 10
1 files changed, 5 insertions, 5 deletions
diff --git a/railties/guides/source/security.textile b/railties/guides/source/security.textile
index 8ce0001080..6372c606b7 100644
--- a/railties/guides/source/security.textile
+++ b/railties/guides/source/security.textile
@@ -371,7 +371,7 @@ The mass-assignment feature may become a problem, as it allows an attacker to se
<ruby>
def signup
- params[:user] #=> {:name => “ow3ned”, :admin => true}
+ params[:user] # => {:name => “ow3ned”, :admin => true}
@user = User.new(params[:user])
end
</ruby>
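Review bot: the changed comment line `params[:user] # => {:name => “ow3ned”, :admin => true}` still uses typographic quotes around ow3ned; this sits in a `<ruby>` block that readers will paste, and the same example in the third hunk of this patch uses straight quotes (`"ow3ned"`), so it would be worth normalising to `"ow3ned"` while the line is being touched. The spacing change itself (`# =>`) matches the usual Ruby output-annotation style and is fine.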
@@ -385,7 +385,7 @@ Mass-assignment saves you much work, because you don't have to set each value in
This will set the following parameters in the controller:
<ruby>
-params[:user] #=> {:name => “ow3ned”, :admin => true}
+params[:user] # => {:name => “ow3ned”, :admin => true}
</ruby>
So if you create a new user using mass-assignment, it may be too easy to become an administrator.
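Review bot: this hunk repeats the `params[:user]` example from the `signup` hunk above, again with curly quotes around ow3ned; if the two copies are being kept in sync on comment spacing, they should also share the straight-quote form so the snippet is valid Ruby when copied. The `:admin => true` value is what the following sentence ("it may be too easy to become an administrator") relies on, so it should stay as shown.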
@@ -423,11 +423,11 @@ attr_accessible :name
If you want to set a protected attribute, you will to have to assign it individually:
<ruby>
-params[:user] #=> {:name => "ow3ned", :admin => true}
+params[:user] # => {:name => "ow3ned", :admin => true}
@user = User.new(params[:user])
-@user.admin #=> false # not mass-assigned
+@user.admin # => false # not mass-assigned
@user.admin = true
-@user.admin #=> true
+@user.admin # => true
</ruby>
A more paranoid technique to protect your whole project would be to enforce that all models whitelist their accessible attributes. This can be easily achieved with a very simple initializer:
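Review bot: `@user.admin # => false # not mass-assigned` now carries two `#` markers on one line, which reads as a comment inside a comment; `@user.admin # => false (not mass-assigned)` would be clearer and consistent with the other annotations in this block. Since this hunk already touches the surrounding text, the context line "you will to have to assign it individually" has a stray "to" ("you will have to") that could be fixed in the same commit.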