No description or website provided.
Latest commit 16e0b99 Sep 18, 2014 @charliesome charliesome 0.3.4
Failed to load latest commit information.
lib move symbolize_keys out from the private block Sep 19, 2014
test Fix bug in fetch and add unit tests. Oct 8, 2013
.gitignore Update Mar 10, 2012
Rakefile nfi if this rails hack works (I'm on a plane) Mar 6, 2012
tainted_hash.gemspec 0.3.4 Sep 19, 2014

Tainted Hash

A TaintedHash is a wrapper around a normal Hash that only exposes the keys that have been approved. This is useful in cases where a Hash is built from user input from an external service (such as Rails or Sinatra). By forcing the developer to approve keys, no unexpected keys are passed to data stores. Because of this specific use case, it is assumed all keys are strings.

By default, no keys have been approved.

hash = {'a' => 1, 'b' => 2, 'c' => 3}
tainted = hash

You can access keys manually to get the value and approve them:

Use #expose to expose keys.

tainted.include?(:a) # false
tainted['a'] # Returns 1
tainted[:a]  # Symbols are OK too.
tainted.include?(:a) # false, not exposed
tainted.expose :a
tainted.include?(:a) # true
tainted.keys # ['a']

If using Rails 2.3, require tainted_hash/rails to setup the necessary hooks. It amounts to little more than this:

def wrap_params_with_tainted_hash
  @_params =

Set this up as a before_filter early in the stack. However, it should run after filters like #filter_parameter_logging that needs to filter any key.

Note on Patches/Pull Requests

  1. Fork the project on GitHub.
  2. Make your feature addition or bug fix.
  3. Add tests for it. This is important so I don't break it in a future version unintentionally.
  4. Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
  5. Send me a pull request. Bonus points for topic branches.