On Wed, Sep 11, 2013 at 3:36 PM, Paul E. G. Lynch wrote:
> If, in your view, you are expecting params[:name] to be a string, but
> actually rails has parsed it into {"."=>"1234"} (or something more
> malicious)
Params are strings by definition; can you provide a test case/code
that demonstrates w
If, in your view, you are expecting params[:name] to be a string, but
actually rails has parsed it into {"."=>"1234"} (or something more
malicious), then currently
<%= sanitize(params[:name]) %> blows up because the hash does not respond
to the expected methods from the sanitize call.
I could put