How to write Rails strong parameters

nuanshuidai · August 06, 2017 · Last by rennyallen replied at August 07, 2017 · 1630 hits

Is there an inverse-selection way to write strong parameters?

active_support adds a method called except to Hash

But you cannot predict what destructive parameters the front end will send, so inverse selection is not robust

https://stackoverflow.com/questions/18844435/rails-4-strong-parameters-can-i-exclude-blacklist-attributes-instead-of-pe

params.require(:user).except!(:account_id, :is_admin).permit!

Better not to do this; it carries potential security risks. Stick with a whitelist.
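Added example, not part of any post in this thread: a comparison of the `except!(...).permit!` denylist with an explicit `permit(...)` allowlist when the request carries attributes the denylist did not anticipate. Plain Hashes stand in for `ActionController::Parameters` so it runs without Rails; every attribute name other than `account_id` and `is_admin` is constructed for illustration.

```ruby
# Plain-Ruby stand-in for the two filtering styles discussed in the thread.
# Hash#reject mimics except!(...).permit!, Hash#select mimics permit(...).

# Columns a hypothetical User model accepts via mass assignment (assumed).
MODEL_COLUMNS = %w[name email account_id is_admin role password_reset_token].freeze

# Columns a client must never be able to set (assumed).
PRIVILEGED = %w[account_id is_admin role password_reset_token].freeze

DENYLIST  = %w[account_id is_admin].freeze # as in except!(:account_id, :is_admin).permit!
ALLOWLIST = %w[name email].freeze          # as in permit(:name, :email)

# Denylist: everything passes unless it was explicitly named.
def filter_by_denylist(params)
  params.reject { |key, _| DENYLIST.include?(key) }
end

# Allowlist: nothing passes unless it was explicitly named.
def filter_by_allowlist(params)
  params.select { |key, _| ALLOWLIST.include?(key) }
end

# Privileged model columns that would still reach the model after filtering.
def leaked(filtered)
  filtered.keys & PRIVILEGED & MODEL_COLUMNS
end

# Constructed request body: two legitimate fields plus three privileged ones,
# two of which were added to the model after the denylist was written.
REQUEST = {
  "name" => "alice",
  "email" => "alice@example.test",
  "is_admin" => "1",
  "role" => "owner",
  "password_reset_token" => "x"
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts "denylist leaks:  #{leaked(filter_by_denylist(REQUEST)).inspect}"
  puts "allowlist leaks: #{leaked(filter_by_allowlist(REQUEST)).inspect}"
end
```

The denylist has to be updated every time a sensitive column is added, while the allowlist stays safe by default.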
