author | Carlos Antonio da Silva <carlosantoniodasilva@gmail.com> | 2012-12-08 02:11:47 -0800 |
---|---|---|
committer | Carlos Antonio da Silva <carlosantoniodasilva@gmail.com> | 2012-12-08 02:11:47 -0800 |
commit | 236bed9f1dc08792566d8cbf5e69aa4bd6ed514f (patch) | |
tree | 4f1b3bfacf0cf64e74b9d7b45d94ab3b494170c4 /guides/source/security.md | |
parent | 0eedfec8b5f9b49ec6cb154adfe27e5507736413 (diff) | |
parent | f19e41fb16ea77422e0061fd47139d4d01a44f0c (diff) | |
Merge pull request #8462 from frodsan/update_guides_action_callbacks
Update guides to use _action callbacks [ci skip]
Diffstat (limited to 'guides/source/security.md')
-rw-r--r-- | guides/source/security.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/guides/source/security.md b/guides/source/security.md index 6c32a8ff5b..532a1ae5cc 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -688,7 +688,7 @@ NOTE: _When sanitizing, protecting or verifying something, whitelists over black A blacklist can be a list of bad e-mail addresses, non-public actions or bad HTML tags. This is opposed to a whitelist which lists the good e-mail addresses, public actions, good HTML tags and so on. Although sometimes it is not possible to create a whitelist (in a SPAM filter, for example), _prefer to use whitelist approaches_: -* Use before_filter only: [...] instead of except: [...]. This way you don't forget to turn it off for newly added actions. +* Use before_action only: [...] instead of except: [...]. This way you don't forget to turn it off for newly added actions. * Use attr_accessible instead of attr_protected. See the mass-assignment section for details * Allow <strong> instead of removing <script> against Cross-Site Scripting (XSS). See below for details. * Don't try to correct user input by blacklists: |
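Review bot: The rationale on the added line ("This way you don't forget to turn it off for newly added actions") does not match what `only:` does. `before_action only: [...]` runs the callback solely for the listed actions, so a newly added action gets no callback by default and there is nothing to turn off. If the callback is an authentication or authorization check, the new action stays unprotected until someone remembers to add it to the list. Since the line is already being touched for the rename, consider saying which kind of callback the bullet is about and rewording the second sentence so it names what is actually forgotten in each case. Minor style points: `before_action`, `only:` and `except:` on this line could be set in code formatting, and the attr_accessible bullet in the trailing context is missing its final period.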