In your specific case (the one shown in your quickcast), Chrome is considering this a security risk because you're submitting a <script>
element containing javascript that's being inserted into the renderable contents of the page using [Rails' built-in] asynchronous javascript.
To avoid this, you could:
- Strip out the wrapping
<script>
tags using client-side logic before submitting the form, and then add them back in on the server before saving the record. - Disable Rails' built-in ajaxification of the update action in this controller, so that it submits through plain old HTML
- Add an intermediary redirect page between form submittal and viewing the show action