7 Matching Annotations
- Feb 2021
github.com
By explicitly defining the form layout using ::property there is no more need for protecting from unwanted input. strong_parameter or attr_accessible become obsolete. Reform will simply ignore undefined incoming parameters.
ActiveForm has the attribute allow-listing by default. Any attribute in the list will be allowed
- Jan 2021
howtowhitelist.com
- Sep 2020
github.com
Instead of deprecating the :action segment entirely, only deprecate it if there isn't a qualifier (in our case, we have a Regex whitelist). If a Regex isn't acceptable, perhaps create a specific "whitelist" constraint on the :action segment, and don't allow dynamic :actions without the whitelist constraint.
- Jul 2020
ruby-prof.github.io
ruby-prof provides two options to specify which threads should be profiled:
exclude_threads:: Array of threads which should not be profiled.
include_threads:: Array of threads which should be profiled. All other threads will be ignored.
- Apr 2020
wpvip.com
This style of validation most closely follows WordPress’ whitelist philosophy: only allow the user to input what you’re expecting.
guides.rubyonrails.org
When sanitizing, protecting or verifying something, prefer whitelists over blacklists.