Add usage example for use outside controllers

commit de58602598e9ade1f3dbc03f56eafe51cd67ff3e 1 parent dc183fd
@bemurphy bemurphy authored
Showing with 5 additions and 1 deletion.
  1. +5 −1 README.rdoc
6 README.rdoc
@@ -67,7 +67,11 @@ that you will need to sanitize untrusted data used for mass assignment when in u
For example, if you retrieve JSON data from a third party API call and pass the unchecked parsed result on to
+Model.create+, undesired mass assignments could take place. You can alleviate this risk by slicing the hash data,
or wrapping the data in a new instance of +ActionController::Parameters+ and declaring permissions the same as
-you would in a controller.
+you would in a controller. For example:
+
+ raw_parameters = { :email => "john@example.com", :name => "John", :admin => true }
+ parameters = ActionController::Parameters.new(raw_parameters)
+ user = User.create(parameters.permit(:name, :email))
== Installation
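Review bot: The added example puts `:admin => true` into `raw_parameters` but never states what happens to it, so the reader has to infer that `permit(:name, :email)` drops the key. A short comment after the `User.create` line, for instance `# :admin is not permitted, so it is not assigned`, would make the purpose of the example explicit. The paragraph above also talks about parsed JSON from a third-party API and mentions slicing the hash as an alternative; writing the sample input with string keys, as parsed JSON normally has, or adding a slice variant would tie the example more closely to that text.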