Open boatrite opened 6 years ago
imajes
commented
5 years ago this is a meaningful change, but rather than using an unsafe hash we should figure out a way to safely dump this format. (although this is a dev tool, people may forget to not include it in prod, and debug lines always get dropped in...)
imajes
commented
5 years ago @boatride would you be willing to work on this to help get it ready for release, please? :)
boatrite
commented
5 years ago I don't think this causes any issues even if left in production. As far as I know, the whole unsafe hash thing is really only relevant when being passed in to a model -- to prevent arbitrarily set params from setting attributes on the model that shouldn't allowed to be set. It's not possible to pass the result of ap params into a model's update (or similar) method because the ap method returns nil anyways and not the hash.
As far as I know, unsafe refers to the fact that it's all of the key-value pairs with no filtering applied, and that is exactly the behavior we want when aping an ActionController::Parameters object.
I would be happy to work on this, but I don't see that anything needs to be changed about it. (aside from the test failures)
boatrite
commented
5 years ago Heyo @imajes , I added a commit to fix the test failure in Rails 3. There is one failure left, but it seems to be occurring in active record, using ruby-head with frozen string literals enabled. I haven't looked into it.
Do you have any thoughts re: unsafe hash? I might be misunderstanding, could you explain more about the changes you want me to make? :)
imajes
commented
5 years ago @boatrite thx for the update -- i'm gonna take this work and merge it into the v2 i've been working on :)
matthewhively
commented
3 years ago Since it doesn't appear that version 2.0 PR has changed much recently, would it be possible to get this merged into a release prior than 2.0?
…tionController::Parameters object