The "site_url" in the comment field is vulnerable to XSS. Since I already have a fork of your project which has diverged a bit, you won't get a pull request - sorry. But you can fix it by replacing line 33 in blog_kit/app/models/blog_comment.rb with:
return "<a href=\"".html_safe << self.site_url << "\">".html_safe << name << "</a>".html_safe
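The replacement line HTML-escapes `site_url` and `name` as they are appended to the safe buffer, which stops markup from breaking out of the `href` attribute, but escaping alone does not restrict which URL scheme the link uses. As an added example (not blog_kit's code and not the reporter's patch), the sketch below does both in plain Ruby; `safe_site_url` and `author_link` are hypothetical names, and `CGI.escapeHTML` stands in for Rails' `html_safe` buffer so the block runs without Rails.

```ruby
require "cgi"
require "uri"

# Assumption: a commenter's site link should only ever be http or https.
ALLOWED_SCHEMES = %w[http https].freeze

# Hypothetical helper: returns a normalized URL string, or nil when the
# value is missing, unparseable, has no host, or uses another scheme.
def safe_site_url(raw)
  return nil if raw.nil?
  url = raw.strip
  return nil if url.empty?
  uri = URI.parse(url)
  return nil unless ALLOWED_SCHEMES.include?(uri.scheme&.downcase)
  return nil if uri.host.nil? || uri.host.empty?
  uri.to_s
rescue URI::InvalidURIError
  nil
end

# Hypothetical helper: renders the comment author's name, linked to the
# site only when the URL passed validation. Both values are escaped for
# the context they land in (attribute value and element text).
def author_link(name, site_url)
  label = CGI.escapeHTML(name.to_s)
  url = safe_site_url(site_url)
  return label if url.nil?
  %(<a href="#{CGI.escapeHTML(url)}" rel="nofollow noopener">#{label}</a>)
end

# Constructed sample inputs, for illustration only.
if __FILE__ == $PROGRAM_NAME
  puts author_link("Bob", "http://example.com/?a=1&b=2")
  puts author_link("<b>Eve</b>", "javascript:void(0)")
  puts author_link("Eve", 'http://example.com/" onmouseover="x')
end
```

A rejected URL falls back to the escaped name with no link, so a bad `site_url` never reaches the page.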