diff --git a/app/controllers/homepage_controller.rb b/app/controllers/homepage_controller.rb
index 91d424e2d..e77613c58 100644
--- a/app/controllers/homepage_controller.rb
+++ b/app/controllers/homepage_controller.rb
@@ -19,7 +19,7 @@ def edit
   end
 
   def update
-    @latest_popular_links.link_items = remove_leading_and_trailing_url_spaces(params[:popular_links].values)
+    @latest_popular_links.link_items = remove_leading_and_trailing_url_spaces(permitted_params.values)
     @latest_popular_links.save_draft
 
     flash[:success] = "Popular links draft saved.".html_safe
@@ -72,6 +72,10 @@ def confirm_destroy
 
 private
 
+  def permitted_params
+    params.permit(popular_links: %i[title url])
+  end
+
   def cannot_delete_published_error_message
     "Can't delete an already published edition. Please create a new edition to make changes.".html_safe
   end
@@ -108,7 +112,7 @@ def remove_leading_and_trailing_url_spaces(links)
     link_items = []
     links.each do |link|
       link[:url] = link[:url].strip
-      link_items << link
+      link_items << link.to_h
     end
     link_items
   end