No need to give an example where there is generated code right there to serve as the example

railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb

@@ -104,11 +104,7 @@ def set_<%= singular_table_name %>
       @<%= singular_table_name %> = <%= orm_class.find(class_name, "params[:id]") %>
     end
 
-    # Use this method to whitelist the permissible parameters. Example:
-    #   params.require(:person).permit(:name, :age)
-    #
-    # Also, you can specialize this method with per-user checking of permissible
-    # attributes.
+    # Never trust parameters from the scary internet, only allow the white list through.
     def <%= "#{singular_table_name}_params" %>
       <%- if attributes_names.empty? -%>
       params[<%= ":#{singular_table_name}" %>]