I'm clueless about whitelisting. Where do I put the
if %w(some valid input).include?(params[:input])
# proceed with action
else
# not in whitelist, throw error
end
and how do I call it from the submit action of a form?
I don't really know what you expect but this could be the job of a before_filter.
It'd keep your controller dry. See doc.
In your controller, try this:
before_filter :check_params, :only => [:index, :whatever_action_name]
def check_params
raise ActionController::RoutingError.new('Missing params') unless %w(some valid input).include?(params[:input])
end