[Rails-core] strong parameters safety issue enables accidental mass assignment

2014-08-06 Thread johannes.schlumberger
Hello, Recently I was looking into upgrading one of our Rails 3.2 apps to use strong_parameters. I encountered what seems like a flaw to me, and I would like to spark discussion about this, hoping for personal learning and potential improvement of the Rails framework. The switch from protected at

Re: [Rails-core] strong parameters safety issue enables accidental mass assignment

2014-08-06 Thread Carlos Antonio da Silva
Generally speaking, I believe developers should be careful and responsible for handling what they are sending to their models for mass assignment, and that's where strong params help. The ideal solution indeed would be for Parameters not to inherit from Hash, which is something Rails will likely be cha

Re: [Rails-core] strong parameters safety issue enables accidental mass assignment

2014-08-06 Thread Matt Jones
On Aug 6, 2014, at 12:51 PM, johannes.schlumber...@appfolio.com wrote:
[snip]
> > Why does that matter?
> It matters because it is possible for a developer to accidentally lose that
> capability accidentally very easily on the way from the controller (where
> permit happened and the capability g

Re: [Rails-core] strong parameters safety issue enables accidental mass assignment

2014-10-20 Thread johannes.schlumberger
Hi everyone, I went ahead and made a strong_parameters-compatible gem [1] whose Parameters class does not inherit from Hash anymore. It does not have any ancestors. The syntax for permit statements is identical to strong_parameters, the require feature is supported, and parameters can be accessed

Re: [Rails-core] strong parameters safety issue enables accidental mass assignment

2014-10-20 Thread Prem Sichanugrist
We already have plans to make Parameters not inherit from Hash before Rails 4.2, but we couldn't do it because it breaks backward compatibility. What we did, instead, was to make sure we have tests to cover those cases, and reimplement those methods that leaked Hash objects. https://github.c

Re: [Rails-core] strong parameters safety issue enables accidental mass assignment

2014-10-20 Thread Vuk
> We already have plans to make Parameters not inherit from Hash before Rails 4.2, but we couldn't do it because it breaks backward compatibility. What we did, instead, was to make sure we have tests to cover those cases, and reimpleme