Paul Lynch wrote in post #1121214:
> If, in your view, you are expecting params[:name] to be a string, but
> actually Rails has parsed it into {"."=>"1234"} (or something more
> malicious), then currently
> <%= sanitize(params[:name]) %> blows up because the hash does not
> respond to the expected methods from the sanitize call.
>
> I could put in code to check that the params values I am sanitizing are
> strings, but it seems like it would be better for sanitize to handle
> that, and perhaps just return the empty string if the processing of the
> input raises an exception.

Hum. It seems to me that "blowing up" is the right thing to do in this 
scenario. More precisely an exception should be raised indicating a 
programmer mistake of passing an illegal argument to a method expecting 
a string.

-- 
Posted via http://www.ruby-forum.com/.
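An added illustration of the two positions in this thread (not code from either poster or from Rails itself): a toy one-level nested-parameter parser showing how `name[.]=1234` becomes a Hash, a strict accessor that raises on a non-String value as the reply recommends, and the lenient empty-string fallback the quoted message suggested. The parser is a constructed stand-in for Rack's real nested-query handling.

```ruby
require 'cgi'

# Constructed imitation of Rack/Rails nested-parameter parsing, one level deep
# (not the real Rack::Utils.parse_nested_query):
#   "name=bob"     -> {"name"=>"bob"}
#   "name[.]=1234" -> {"name"=>{"."=>"1234"}}
def parse_nested_query(query)
  params = {}
  query.split('&').each do |pair|
    raw_key, raw_value = pair.split('=', 2)
    key   = CGI.unescape(raw_key.to_s)
    value = CGI.unescape(raw_value.to_s)
    if key =~ /\A([^\[]+)\[([^\]]*)\]\z/
      params[$1] = { $2 => value }   # nested key: the view now gets a Hash
    else
      params[key] = value
    end
  end
  params
end

# Strict accessor (the reply's position): the template expects a String, so a
# Hash here is a caller bug or a tampered request and is surfaced as an error.
def string_param!(params, key)
  value = params[key]
  unless value.is_a?(String)
    raise ArgumentError, "param #{key.inspect} must be a String, got #{value.class}"
  end
  value
end

# Lenient accessor (the quoted suggestion): swallow the bad type and return "".
# Note that this hides the fact that the request shape was unexpected.
def string_param_or_empty(params, key)
  value = params[key]
  value.is_a?(String) ? value : ''
end
```

The strict variant turns the type mismatch into a logged exception, which is also the point at which a defender would notice that requests are arriving with an unexpected parameter shape.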

-- 
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/rubyonrails-talk/c54d51850e1948568b77874beb9f21e1%40ruby-forum.com.
For more options, visit https://groups.google.com/groups/opt_out.