Would anyone comment on (newly created) pull request 31874
<https://github.com/rails/rails/pull/31874>? The change to handling of
block elements in the params filter list enables a strategy to white-list,
rather than black-list, the params.
It *does* change behavior. I had to alter a test.
Before I do any more work on this, I want to know if it is looked upon
favorably and would be at all likely to be merged.
On Wednesday, April 5, 2017 at 4:05:37 PM UTC-3, Bruno Facca wrote:
> Is there any reason why config.filter_parameters uses a blacklist
> approach? Why not convert it into a whitelist?
> Whitelisting tends to be safer than blacklisting as developers may forget
> to blacklist parameters containing sensitive data.
> Kind Regards,
> Bruno Facca
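The whitelist versus blacklist trade-off raised in the quoted question, as an added example that is not part of the thread and is not Rails' own filter code. The function names, sample parameters and lists are constructed for illustration. A field nobody remembered to deny (`ssn`) reaches the log under the deny-list and is masked by default under the allow-list.

```ruby
# Added illustration: a stand-alone sketch, not Rails' parameter filter.
FILTERED = "[FILTERED]"

# Deny-list: a value is masked only when its key matches a listed pattern.
# A matching key masks the whole value, including nested structures.
def deny_list_filter(node, denied)
  case node
  when Hash
    node.each_with_object({}) do |(k, v), out|
      hit = denied.any? { |pat| pat.match?(k.to_s) }
      out[k] = hit ? FILTERED : deny_list_filter(v, denied)
    end
  when Array then node.map { |v| deny_list_filter(v, denied) }
  else node
  end
end

# Allow-list: every leaf value is masked unless its key is explicitly listed.
# Containers are traversed so allowed leaves inside them stay readable.
def allow_list_filter(node, allowed, key = nil)
  case node
  when Hash
    node.each_with_object({}) { |(k, v), out| out[k] = allow_list_filter(v, allowed, k) }
  when Array then node.map { |v| allow_list_filter(v, allowed, key) }
  else allowed.include?(key.to_s) ? node : FILTERED
  end
end

# Constructed sample request parameters.
SAMPLE_PARAMS = {
  "action" => "create",
  "user" => {
    "email" => "a@example.com",
    "password" => "hunter2",
    "ssn" => "000-00-0000", # sensitive, but missing from the deny-list
    "cards" => [{ "number" => "4111111111111111", "label" => "work" }]
  }
}.freeze

DENIED  = [/password/, /number/].freeze # hypothetical deny-list
ALLOWED = %w[action label].freeze       # hypothetical allow-list

if __FILE__ == $PROGRAM_NAME
  puts "deny-list:  #{deny_list_filter(SAMPLE_PARAMS, DENIED)}"
  puts "allow-list: #{allow_list_filter(SAMPLE_PARAMS, ALLOWED)}"
end
```

The cost of the allow-list is visible in the same output: `email` is masked too until someone lists it, so the failure mode becomes a less useful log rather than a leaked value.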