On Thu, Sep 12, 2013 at 9:26 AM, Paul Lynch <plynch...@gmail.com> wrote: > In this case it is user (hacker, scanner, etc.), not the programmer, who has > passed the illegal argument. I don't think that should result in a 500 > server error. To avoid that, either the programmer has to check each input > parameter to make sure it is a string, or something like sanitize has to > make the parameter safe.
It's your problem and even more so *your* job to enforce types, not sanitizes problem to enforce your type. Sanitize is a helper, it is not part of your normal routing therefore it should not have to allow you be more oblivious as to what is going on in your software and how to handle and think about intentional/misintentional malicious users. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscr...@googlegroups.com. To post to this group, send email to rubyonrails-talk@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/CAM5XQny571Ov5F4_Jw4HQLkgG%3Dt4Y%3DW3CbjVBoc-Zoa6k8Vixw%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.