From 813711d79e01a3ab92de6b072219f81fe286eaa7 Mon Sep 17 00:00:00 2001
From: GSMcNamara
Date: Thu, 7 Nov 2013 14:56:18 -0500
Subject: [PATCH 1/3] Grammar fix.

---
 app/views/layouts/tutorial/xss/_xss_first.html.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/views/layouts/tutorial/xss/_xss_first.html.erb b/app/views/layouts/tutorial/xss/_xss_first.html.erb
index 4df444d..dc6e516 100755
--- a/app/views/layouts/tutorial/xss/_xss_first.html.erb
+++ b/app/views/layouts/tutorial/xss/_xss_first.html.erb
@@ -84,7 +84,7 @@

Apparently we had some issues rendering people's names with weird formatting or something, I dunno, I think I fixed it by safely encoding html and rendering the necessary content.

- Your Welcome! + You're Welcome!

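Review bot: the apostrophe fix leaves a second error on the same line: "You're Welcome!" is a standalone sentence (the preceding context line ends with a period), so "Welcome" should be lowercase. Since patch 3/3 of this series exists only to lowercase a letter elsewhere, fold this one in as well and make the line "+ You're welcome!".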
From 7ddec28bcc6613aad94ce3d56ae6cb7dad0b7334 Mon Sep 17 00:00:00 2001
From: GSMcNamara
Date: Thu, 7 Nov 2013 15:02:31 -0500
Subject: [PATCH 2/3] Removed apostrophe

---
 app/views/layouts/tutorial/csrf/_csrf_first.html.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/views/layouts/tutorial/csrf/_csrf_first.html.erb b/app/views/layouts/tutorial/csrf/_csrf_first.html.erb
index ff4f512..646f326 100755
--- a/app/views/layouts/tutorial/csrf/_csrf_first.html.erb
+++ b/app/views/layouts/tutorial/csrf/_csrf_first.html.erb
@@ -60,7 +60,7 @@

Cross-Site Request Forgery ATTACK:

- The application allows users to update their calendar and schedule PTO events (PTO section). Due to the fact CSRF protections are disabled, the AJAX request will send the authenticity token but the application will not validate either it's presence or validity. Create an html page using the code shown below, authenticate as another user, click on it, review the new calendar (change the dates under date_range1). You should see this HTML code will work, even if you hadn't navigated to the PTO section prior to sending it. + The application allows users to update their calendar and schedule PTO events (PTO section). Due to the fact CSRF protections are disabled, the AJAX request will send the authenticity token but the application will not validate either its presence or validity. Create an html page using the code shown below, authenticate as another user, click on it, review the new calendar (change the dates under date_range1). You should see this HTML code will work, even if you hadn't navigated to the PTO section prior to sending it.


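Review bot: the its/it's correction is right, but the same changed line still carries wording problems that belong in the same commit: "Create an html page" should be "Create an HTML page" (the line itself writes "HTML" two sentences later), "Due to the fact CSRF protections are disabled" reads better as "Because CSRF protections are disabled", and "You should see this HTML code will work" should be "You should see that this HTML code works". The attack steps are also ambiguous about who does what: "authenticate as another user, click on it" can be read as the attacker logging in, whereas the point of the exercise is that the crafted page is opened in the browser session of a victim who is already authenticated; spelling that out would remove the ambiguity.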
From 09c0f07d8b45d514798390875e0549f155ab565c Mon Sep 17 00:00:00 2001
From: GSMcNamara 
Date: Thu, 7 Nov 2013 15:06:05 -0500
Subject: [PATCH 3/3] Lowercased a letter.

---
 app/views/layouts/tutorial/csrf/_csrf_first.html.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/views/layouts/tutorial/csrf/_csrf_first.html.erb b/app/views/layouts/tutorial/csrf/_csrf_first.html.erb
index 646f326..1ae7ecd 100755
--- a/app/views/layouts/tutorial/csrf/_csrf_first.html.erb
+++ b/app/views/layouts/tutorial/csrf/_csrf_first.html.erb
@@ -84,7 +84,7 @@
 				
 			  

Cross-Site Request Forgery SOLUTION:

- By Default, the protect_from_forgery directive is added under the application_controller.rb at project creation. However, occasionally developers turn it off (comment out) because of issues with JS. There are two separate solutions around the JS problem. + By default, the protect_from_forgery directive is added under the application_controller.rb at project creation. However, occasionally developers turn it off (comment out) because of issues with JS. There are two separate solutions around the JS problem.

Once protect_from_forgery is added back...
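Review bot: "By default" is the right fix, but two phrases on the same changed line still read awkwardly and could be corrected in this commit: "is added under the application_controller.rb" should be "is added to application_controller.rb", and "turn it off (comment out)" should be "turn it off (comment it out)". The "issues with JS" that motivate disabling protect_from_forgery are also left unspecified here; naming the actual problem (AJAX requests that do not carry the authenticity token) would make the sentence "There are two separate solutions around the JS problem" land for the reader before the solutions are listed.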