I’m working on a project (Active Admin) that needs to be able to build
links on the page (e.g. pagination) that include arbitrary query
parameters
that the user has entered.
Since url_for
symbolizes any keys passed to it, for obvious memory
concerns you can’t just pass the entire params hash.
In Rails 3.2, however, you can do this:
include Rails.application.routes.url_helpersurl_for action: ‘index’,
controller: ‘employees’, host: ‘foo.bar’, params: {‘eee’ => 3}# =>
"http://foo.bar/employees?eee=3"Symbol.all_symbols.map(&:to_s).include?
‘eee’# => false
In other words, you can pass params: request.query_parameters
to
url_for
to avoid the potential DOS issue.
However we still support Rails 3.0 and 3.1, and they completely ignore
:params
.
Save for monkeypatching, has anyone found a way to safely provide this
functionality?
Thanks,
Sean Linsley