Add usage example for use outside controllers

commit de58602598e9ade1f3dbc03f56eafe51cd67ff3e 1 parent dc183fd
@bemurphy bemurphy authored
Showing with 5 additions and 1 deletion.
  1. +5 −1 README.rdoc
6 README.rdoc
@@ -67,7 +67,11 @@ that you will need to sanitize untrusted data used for mass assignment when in u
For example, if you retrieve JSON data from a third party API call and pass the unchecked parsed result on to
+Model.create+, undesired mass assignments could take place. You can alleviate this risk by slicing the hash data,
or wrapping the data in a new instance of +ActionController::Parameters+ and declaring permissions the same as
-you would in a controller.
+you would in a controller. For example:
+ raw_parameters = { :email => "", :name => "John", :admin => true }
+ parameters =
+ user = User.create(parameters.permit(:name, :email))
== Installation
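Review bot: the `parameters =` line in the added example has no right-hand side as shown here, so `parameters.permit(:name, :email)` on the next line has nothing to be called on. The sentence above describes wrapping the data in a new instance of +ActionController::Parameters+, so the assignment should show that wrapping of `raw_parameters` explicitly. It would also help to add a short comment stating that `:admin => true` is not in the `permit` list and is therefore filtered out before `User.create`, since that is the point the example exists to make, and to use a non-empty sample value for `:email`.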