Created by: zshannon
ActionPack 5 throws up Attempting to generate a URL from non-sanitized request parameters! An attacker can inject malicious data into the generated URL, such as changing the host. Whitelist and sanitize passed parameters to be secure.
if we don't permit params prior to url_for
(called via link_to
here).
I just threw in .permit!
here because:
- this is a show stopping error that breaks rendering
:index
, and - "attackers" shouldn't have access to admin