/railties/doc/guides/securing_rails_applications/
../
creating_records_directly_from_form_parameters.txt
cross_site_scripting.txt
securing_rails_applications.txt
sql_injection.txt