I'm working on a project (Active Admin) that needs to be able to build
links on the page (e.g. pagination) that include arbitrary query parameters
that the user has entered.

Since `url_for` symbolizes any keys passed to it, for obvious memory
concerns you can't just pass the entire params hash.

In Rails 3.2, however, you can do this:

include Rails.application.routes.url_helpersurl_for action: 'index', controller: 'employees', host: 'foo.bar', params: {'eee' => 3}# => "http://foo.bar/employees?eee=3"Symbol.all_symbols.map(&:to_s).include? 'eee'# => false

In other words, you can pass `params: request.query_parameters` to
`url_for` to avoid the potential DOS issue.

However we still support Rails 3.0 and 3.1, and they completely ignore

Save for monkeypatching, has anyone found a way to safely provide this

Sean Linsley

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/7r7n5_gT6dkJ.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouprubyonrails-talk @
postedApr 9, '13 at 9:31a
activeApr 9, '13 at 9:31a

1 user in discussion

Sean Linsley: 1 post



site design / logo © 2022 Grokbase