From 108c8d2e2aa2efe6a9ac8912dd98d0570b8226d9 Mon Sep 17 00:00:00 2001
From: Mike McCabe
Date: Tue, 12 Nov 2013 16:11:30 -0500
Subject: [PATCH] turning off whitelisting and entities encoding

---
 config/application.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/application.rb b/config/application.rb
index 4bac9da..1d45be7 100755
--- a/config/application.rb
+++ b/config/application.rb
@@ -40,7 +40,7 @@ module Railsgoat
 config.filter_parameters += [:password]

 # Enable escaping HTML in JSON.
- config.active_support.escape_html_entities_in_json = true
+ config.active_support.escape_html_entities_in_json = false

 # Use SQL instead of Active Record's schema dumper when creating the database.
 # This is necessary if your schema can't be completely dumped by the schema dumper,
@@ -51,7 +51,7 @@ module Railsgoat
 # This will create an empty whitelist of attributes available for mass-assignment for all models
 # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
 # parameters by using an attr_accessible or attr_protected declaration.
- config.active_record.whitelist_attributes = true
+ config.active_record.whitelist_attributes = false

 # Enable the asset pipeline
 config.assets.enabled = true
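Review bot: The context comment `# Enable escaping HTML in JSON.` now sits directly above `config.active_support.escape_html_entities_in_json = false`, so the comment says the opposite of what the setting does. With the flag off, `to_json` output leaves `<`, `>` and `&` unescaped, so any view that renders JSON inline into HTML or a script block has to escape it itself (for example with `json_escape`). The module name and commit subject suggest the weakening is deliberate; if so, record that where the next maintainer will read it, e.g. `# INTENTIONALLY DISABLED (training app): JSON output is not HTML-escaped.` The enclosing configuration block starts and ends outside the hunk.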
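Review bot: The three comment lines above `config.active_record.whitelist_attributes = false` still describe an empty mass-assignment whitelist being created for every model, which no longer happens once the flag is false. With it off, any model that lacks its own `attr_accessible` declaration accepts every attribute passed to `new` or `update_attributes`, including ones no form exposes. If this is intentional, replace the stale comment with something like `# INTENTIONALLY DISABLED (training app): models without attr_accessible accept all attributes.` If it is not, each model needs an explicit `attr_accessible` list. The enclosing configuration block continues outside the hunk.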