aboutsummaryrefslogtreecommitdiffstats
path: root/actionview
diff options
context:
space:
mode:
authorRafael França <rafaelmfranca@gmail.com>2017-04-19 16:57:23 -0400
committerGitHub <noreply@github.com>2017-04-19 16:57:23 -0400
commit3d1154f7eac660f4f43554d7fa88e5c9c7e4887d (patch)
treeca3bd1d06e90ea7dcde276f56262ae9a1cc15413 /actionview
parent54fa07f2c87a7aad9a17539e409497e46d2607cd (diff)
parent93034ad7fea7e00562103a7cd0acfab19bbfadf9 (diff)
downloadrails-3d1154f7eac660f4f43554d7fa88e5c9c7e4887d.tar.gz
rails-3d1154f7eac660f4f43554d7fa88e5c9c7e4887d.tar.bz2
rails-3d1154f7eac660f4f43554d7fa88e5c9c7e4887d.zip
Merge pull request #28734 from rafaelfranca/strong-parameters
Improve the upgrade path of Strong Parameters
Diffstat (limited to 'actionview')
-rw-r--r--actionview/lib/action_view/helpers/url_helper.rb5
-rw-r--r--actionview/test/template/url_helper_test.rb6
2 files changed, 5 insertions, 6 deletions
diff --git a/actionview/lib/action_view/helpers/url_helper.rb b/actionview/lib/action_view/helpers/url_helper.rb
index 304db38060..70fc57c35f 100644
--- a/actionview/lib/action_view/helpers/url_helper.rb
+++ b/actionview/lib/action_view/helpers/url_helper.rb
@@ -621,11 +621,6 @@ module ActionView
# # => [{name: 'country[name]', value: 'Denmark'}]
def to_form_params(attribute, namespace = nil)
attribute = if attribute.respond_to?(:permitted?)
- unless attribute.permitted?
- raise ArgumentError, "Attempting to generate a button from non-sanitized request parameters!" \
- " Whitelist and sanitize passed parameters to be secure."
- end
-
attribute.to_h
else
attribute
diff --git a/actionview/test/template/url_helper_test.rb b/actionview/test/template/url_helper_test.rb
index 09454b32cc..a6444a1686 100644
--- a/actionview/test/template/url_helper_test.rb
+++ b/actionview/test/template/url_helper_test.rb
@@ -231,7 +231,11 @@ class UrlHelperTest < ActiveSupport::TestCase
end
def to_h
- { foo: :bar, baz: "quux" }
+ if permitted?
+ { foo: :bar, baz: "quux" }
+ else
+ raise ArgumentError
+ end
end
end