Default whitelist changes the default strategy for mass-assignment protection in Ruby on Rails to whitelisting by default. Currently, one must explictly declare which attributes are mass-assignable, e.g. with ActiveRecord::Base#update_attributes
or all attributes can be mass-assigned. This might not be sensible default as simple omission can leave applications with obvious security vulnerabilities, n.b. Github.
To install:
gem install default_whitelist
To use:
require default_whitelist