Would anyone comment on (newly created) pull request 31874 <https://github.com/rails/rails/pull/31874>? The change to handling of block elements in the params filter list enables a strategy to white-list, rather than black-list, the params.
It *does* change behavior. I had to alter a test. Before I do any more work on this, I want to know if it is looked upon favorably and would be at all likely to be merged.

On Wednesday, April 5, 2017 at 4:05:37 PM UTC-3, Bruno Facca wrote:
>
> Is there any reason why config.filter_parameters uses a blacklist approach? Why not convert it into a whitelist?
>
> Whitelisting tends to be safer than blacklisting as developers may forget to blacklist parameters containing sensitive data.
>
> Kind Regards,
> Bruno Facca
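
Added example, not part of the original thread and not the code from the pull request: a plain-Ruby sketch of the two approaches discussed above, showing what each one writes to the log when a sensitive field is added after the filter list was written. The helper names, the key lists and the sample parameters are all assumptions made for illustration.

```ruby
# Added illustration in plain Ruby; it does not use or reproduce Rails internals.
FILTERED = "[FILTERED]"

# Blacklist (denylist): mask a value only when its key matches a listed pattern.
# Arrays are treated as leaf values in both helpers to keep the sketch short.
def denylist_filter(params, patterns)
  params.each_with_object({}) do |(key, value), out|
    out[key] =
      if patterns.any? { |p| p.match?(key.to_s) } then FILTERED
      elsif value.is_a?(Hash) then denylist_filter(value, patterns)
      else value
      end
  end
end

# Whitelist (allowlist): mask every leaf value unless its key is explicitly listed.
def allowlist_filter(params, allowed)
  params.each_with_object({}) do |(key, value), out|
    out[key] =
      if value.is_a?(Hash) then allowlist_filter(value, allowed)
      elsif allowed.include?(key.to_s) then value
      else FILTERED
      end
  end
end

# Constructed request parameters. "ssn" stands for a field that was added to
# the form later, without anyone updating the blacklist.
SAMPLE_PARAMS = {
  "controller" => "users",
  "action" => "create",
  "user" => { "name" => "alice", "password" => "hunter2", "ssn" => "000-00-0000" }
}.freeze

DENY_PATTERNS = [/password/i, /token/i].freeze   # hypothetical blacklist
ALLOWED_KEYS = %w[controller action name].freeze # hypothetical whitelist

if __FILE__ == $PROGRAM_NAME
  puts "blacklist: #{denylist_filter(SAMPLE_PARAMS, DENY_PATTERNS)}"
  puts "whitelist: #{allowlist_filter(SAMPLE_PARAMS, ALLOWED_KEYS)}"
end
```

With the blacklist the forgotten field reaches the log in clear text; with the whitelist it is masked by default, at the cost of having to list every parameter that should stay readable.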
