This gem makes it possible to handlle mass assignment in the controller.
It adds two methods:
#trusted_attributes- returns the trusted attributes.
.trust- defines the trusted attributes.
- It handles complex hashes. E.g. handles hashes that complies to
accepts_nested_attributes_for, even when nested on several levels. See spec for more info.
Include it in your application controller:
class ApplicationController < ActionController::Base include TrustedKeys end
Define which attributes to trust in the controller:
class EventsController < ApplicationController trust :title, :location, :start, :stop, :description, :attendees, :repeat, :min_number_of_attendees, :deadline, for: :event end
The above commands reads like this: trust the following attributes: 'title', ..., 'deadline', returned by the params[:event] hash.
Add this line to your application's Gemfile:
And then execute:
Or install it yourself as:
$ gem install trusted_keys
Other mass assignment controller protection gems
- Fork it
- Create your feature branch (
git checkout -b my-new-feature)
- Commit your changes (
git commit -am 'Added some feature')
- Push to the branch (
git push origin my-new-feature)
- Create new Pull Request