Thanks for the reply, Jordon.

I didn't quite understand what you mean by "that fix". Do you mean the
security fix which caused my problem or the patch described by the blog
post I mentioned above which might relieve my problem?

I've tracked down the line that I'm receiving from the web service that is
causing the problem:

<myattr type="symbol">myvalue</src>

Is my recommended action to change the value returned by the web service to
be a string, then change my client so that it expects a string as a return
value?

I'm not sure what is dangerous about interpreting a value as a symbol. Can
you give me an example of what could replace myvalue that would create
havoc?


On Mon, Jan 14, 2013 at 9:26 AM, Jordon Bedwell <[email protected]> wrote:

> On Mon, Jan 14, 2013 at 8:23 AM, Paul <[email protected]> wrote:
> > Has anyone started seeing the error:
> >
> > Disallowed type attribute: "symbol"
> > I found this blog entry which seems to completely describe the problem:
> >
> > http://techtime.getharvest.com/blog/activeresource-xml-bug-fix-for-rails-3-dot-0-19
> > but it claims that the problem was only in older versions of Rails.
> >
> > There is a proposed fix for Rails 3.0, but that obviously wouldn't help me.
> >
> > I was wondering if the problem was in all versions of Rails, not just 3.0.
> > It did just appear and neither my web service nor the ActiveResource model
> > has changed recently.
>
> That fix was brought into all currently maintained versions of Rails.
> You should not be symbolizing untrusted input anyways, unless you like
> opening up a world of hurt.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Talk" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>
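
The approach discussed in this thread (send the value as a string and let the client map it onto symbols it already knows), as an added example that is not part of the original messages or of Rails. Before Ruby 2.2, symbols created at runtime were never garbage-collected, and code that treats symbols as trusted keys behaves differently from code that sees strings, so the type should not be chosen by the sender. The names `ALLOWED_TYPES`, `KNOWN_STATES`, `cast_typed_value` and `to_known_symbol` are hypothetical, and the sample elements in the comments are constructed.

```ruby
# Added example: all names here are hypothetical, not Rails or ActiveResource APIs.

class DisallowedType < StandardError; end

# Types the client lets the wire format choose.
# "symbol" and "yaml" are deliberately absent from this allowlist.
ALLOWED_TYPES = {
  "string"  => ->(s) { s },
  "integer" => ->(s) { Integer(s, 10) },
  "boolean" => ->(s) { %w[1 true].include?(s.strip.downcase) },
}.freeze

# Matches one simple element of the form <name type="...">text</name>.
# Constructed for this example; a real client would use an XML parser.
TYPED_ELEMENT = /\A<(\w+)(?:\s+type="([^"]*)")?>([^<]*)<\/\1>\z/

# Returns [element_name, cast_value]; refuses any type outside the allowlist,
# e.g. cast_typed_value('<myattr type="symbol">myvalue</myattr>') raises.
def cast_typed_value(xml)
  m = TYPED_ELEMENT.match(xml.strip) or raise ArgumentError, "unsupported element"
  name, type, text = m[1], (m[2] || "string"), m[3]
  caster = ALLOWED_TYPES.fetch(type) do
    raise DisallowedType, "Disallowed type attribute: #{type.inspect}"
  end
  [name, caster.call(text)]
end

# Client side: the service sends a plain string and the client maps it onto
# a fixed set of symbols. The input itself is never passed to to_sym.
KNOWN_STATES = { "open" => :open, "closed" => :closed }.freeze

def to_known_symbol(text)
  KNOWN_STATES.fetch(text) do
    raise ArgumentError, "unexpected value: #{text.inspect}"
  end
end
```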
