Please read for an updated status on RailsCasts:
Learn more or hide this
GitHub User: ytaras
Do we have XSS vulnerability because of displaying 'raw tags.map'? Hacker could inject some sort of malicious code in a tag name so it would be sent to user without escaping.