merb_param_protection
merb_param_protection
=================

This plugin exposes two new controller methods which allow us to simply and flexibly filter the parameters available within the controller.

Setup: The request sets:

    params => { :post => { :title => "ello", :body => "Want it", :status => "green", :author_id => 3, :rank => 4 } }

Example 1: params_accessible

    class MyController < Application
      params_accessible :post => [:title, :body]
    end

    params.inspect # => { :post => { :title => "ello", :body => "Want it" } }

So we see that params_accessible removes everything except what is explicitly specified.

Example 2: params_protected

    class MyOtherController < Application
      params_protected :post => [:status, :author_id]
    end

    params.inspect # => { :post => { :title => "ello", :body => "Want it", :rank => 4 } }

We also see that params_protected removes ONLY those parameters explicitly specified.
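The difference between the two filters matters most when a request carries a field that neither list anticipated. The Ruby sketch below is an added example, not the plugin's own code: `filter_accessible`, `filter_protected`, `apply_rules` and the `:is_admin` field are hypothetical, and it assumes top-level keys without a rule pass through unchanged.

```ruby
# Added illustration: hypothetical helpers, not the plugin's implementation.
# Assumption: top-level keys not named in the rules are left untouched.

# Allowlist (the params_accessible idea): keep only the named nested keys.
def filter_accessible(params, rules)
  apply_rules(params, rules) { |key, names| names.include?(key.to_s) }
end

# Denylist (the params_protected idea): drop only the named nested keys.
def filter_protected(params, rules)
  apply_rules(params, rules) { |key, names| !names.include?(key.to_s) }
end

# Shared walk: for each top-level key that has a rule, keep the nested
# entries for which the block returns true. Names are compared as strings
# so symbol and string keys are treated alike.
def apply_rules(params, rules)
  lookup = rules.each_with_object({}) { |(k, v), h| h[k.to_s] = v.map(&:to_s) }
  params.each_with_object({}) do |(top, value), out|
    names = lookup[top.to_s]
    out[top] = if names && value.is_a?(Hash)
                 value.select { |key, _| yield(key, names) }
               else
                 value
               end
  end
end

# Constructed request: the page's :post params plus an :is_admin field
# that a client added and that neither rule list mentions.
REQUEST = {
  :post => { :title => "ello", :body => "Want it", :status => "green",
             :author_id => 3, :rank => 4, :is_admin => true }
}.freeze

ACCESSIBLE = filter_accessible(REQUEST, :post => [:title, :body])
PROTECTED  = filter_protected(REQUEST, :post => [:status, :author_id])

p ACCESSIBLE # the unlisted :is_admin is dropped along with everything else
p PROTECTED  # the unlisted :is_admin (and :rank) reach the controller
```

With the allowlist, a new sensitive attribute stays filtered until someone lists it; with the denylist, it is exposed until someone remembers to list it.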