Unions multiple scopes on a model, and returns an instance of ActiveRecord::Relation.

union_scope.rb

module ActiveRecord::UnionScope
  def self.included(base)
    base.send :extend, ClassMethods
  end
  
  module ClassMethods
    def union_scope(*scopes)
      id_column = "#{table_name}.#{primary_key}"
      sub_query = scopes.map { |s| s.select(id_column).to_sql }.join(" UNION ")
      where "#{id_column} IN (#{sub_query})"
    end
  end
end

id_column = "#{table_name}.#{primary_key}"
sub_query = scopes.map { |s| s.select(id_column).to_sql }.join(" UNION ")
where "#{id_column} IN (#{sub_query})"

1. Is this secure against XSS or SQLi?
2. I'm new with ruby on rails. Can you use
   where('? IN (?)', id_column, sub_query)
   instead of
   where "#{id_column} IN (#{sub_query})

Cheers