ruby-on-rails, rubygems, beta, whitelist

What is the best way to go about whitelisting?


Essentially, exactly what the title states. I've never whitelisted before and don't know where to start. Do I need a gem? Help please.


Solution

  • Whitelisting is a basic programming notion regarding how input to a program is regarded as valid & good or bad.

    Whitelist: checks against input looking for valid conditions and proceeding if all good; aborts action by default unless all is well.

    Blacklist: checks against input looking for bad input and rejecting if so; aborting the action with an error if so, otherwise proceeding with action.

    The realm of possible bad inputs is infinite; the realm of possible good inputs is finite. Therefore:

    Whitelists check input like this

    if %w(some valid input).include?(params[:input])
      # proceed with action
    else
      # not in whitelist, throw error
    end
    

    Blacklists: (Don't do this)

    if %w(some invalid input).include?(params[:input])
      # throw error, detected invalid
    else
      # proceed with action
    end
    

    Always apply whitelist logic in preference to a blacklist wherever possible.
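
The difference between the two approaches shows up on input nobody anticipated. The following is an added example, not part of the original answer: it validates a sort parameter both ways in plain Ruby, with no gem required. The constants, method names and sample values are hypothetical and constructed for illustration.

```ruby
# Added example: whitelist (default-deny) vs. blacklist (default-allow)
# for a sort parameter. All names and sample values here are hypothetical.
ALLOWED_SORT_COLUMNS = %w[name created_at price].freeze
ALLOWED_DIRECTIONS   = %w[asc desc].freeze
DENIED_FRAGMENTS     = [";", "--"].freeze

class InvalidInput < ArgumentError; end

# Whitelist: only exact, known-good values pass; everything else is rejected,
# including non-String values such as the Array that ?sort[]=price produces.
def allowlisted_sort(params)
  column    = params[:sort]
  direction = params.fetch(:dir, "asc")
  raise InvalidInput, "sort column not permitted" unless ALLOWED_SORT_COLUMNS.include?(column)
  raise InvalidInput, "sort direction not permitted" unless ALLOWED_DIRECTIONS.include?(direction)
  "#{column} #{direction}"
end

# Blacklist: anything that does not match a known-bad pattern passes,
# so every value the author did not foresee is accepted.
def denylisted_sort(params)
  column = params[:sort].to_s
  raise InvalidInput, "forbidden characters" if DENIED_FRAGMENTS.any? { |f| column.include?(f) }
  "#{column} asc"
end

# Runs the block and reports whether the check accepted or rejected the input.
def verdict
  yield
  :accepted
rescue InvalidInput
  :rejected
end

# Constructed sample inputs: one expected value and three unexpected ones.
SAMPLES = ["price", "internal_notes", "", ["price"]].freeze

def compare(samples = SAMPLES)
  samples.map do |value|
    [value,
     verdict { allowlisted_sort(sort: value) },
     verdict { denylisted_sort(sort: value) }]
  end
end

if __FILE__ == $PROGRAM_NAME
  compare.each { |value, allow, deny| puts format("%-18p whitelist=%-9s blacklist=%s", value, allow, deny) }
end
```

In a Rails controller the same check runs against `params` before the value reaches a query or a redirect.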