add documentation about a possible security issue

AaronLasseigne · Mar 29, 2014 · a86ae75 · a86ae75
1 parent 77046cb
commit a86ae75
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/lib/active_interaction/filters/hash_filter.rb b/lib/active_interaction/filters/hash_filter.rb
@@ -8,7 +8,11 @@ class Base
     #
     #   @!macro filter_method_params
     #   @param block [Proc] filter methods to apply for select keys
-    #   @option options [Boolean] :strip (true) strip unknown keys
+    #   @option options [Boolean] :strip (true) strip unknown keys (Note: All
+    #     keys are symbolized. Ruby does not GC symbols so this can cause
+    #     memory bloat. Setting this option to `false` and passing in non-safe
+    #     input (e.g. Rails `params`) opens your software to a denial of
+    #     service attack.)
     #
     #   @example
     #     hash :order