[ci skip] Avoid suggesting dangerous code in i18n guide
Calling `to_sym` on user input opens apps up to Denial of Service attacks, via the symbol table being expanded to consume vast swathes of memory. It is a fairly common configuration to have DNS configured such that all subdomains route to your Rails app, in which case an attacker visits `www1.foo.com`, `www2.foo.com`, and so on until something gives. It is far less likely to have this problem with TLDs, so that change was only for consistency.
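One way to follow the commit message's advice, as an added Ruby example that is not part of the commit or the Rails guide: the subdomain or TLD from the request is only ever used as a string key into a table built from configured locales, so request data never reaches `to_sym`. The helper names, the locale list and the host names are assumptions constructed for illustration.

```ruby
# Constructed locale list; in a Rails app this would be the configured
# set of available locales rather than a literal.
AVAILABLE_LOCALES = %i[en es fr].freeze
DEFAULT_LOCALE = :en

# String => Symbol table built once from trusted configuration.
# Untrusted input is compared against its keys as a String and is never interned.
LOCALE_BY_NAME = AVAILABLE_LOCALES.to_h { |sym| [sym.to_s, sym] }.freeze

# Split a Host header value into lowercase DNS labels, dropping any port.
def host_labels(host)
  host.to_s.downcase.sub(/:\d+\z/, "").split(".")
end

# "es.example.com" => :es, "www1.example.com" => nil
def locale_from_subdomain(host)
  labels = host_labels(host)
  return nil if labels.length < 3 # no subdomain present

  LOCALE_BY_NAME[labels.first]
end

# "example.fr" => :fr, "example.com" => nil
def locale_from_tld(host)
  LOCALE_BY_NAME[host_labels(host).last]
end

# Unknown labels fall through to the default instead of becoming new symbols.
def pick_locale(host)
  locale_from_subdomain(host) || locale_from_tld(host) || DEFAULT_LOCALE
end

if __FILE__ == $PROGRAM_NAME
  # Constructed hosts, including the wildcard-subdomain pattern from the commit message.
  %w[es.example.com www1.foo.com www2.foo.com example.fr].each do |h|
    puts "#{h} -> #{pick_locale(h).inspect}"
  end
end
```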