This is not just param extraction, we sanitize too
This commit is contained in:
@@ -6,11 +6,11 @@ class Bubbles::TaggingsController < ApplicationController
|
||||
end
|
||||
|
||||
def create
|
||||
@bubble.toggle_tag_with(tag_title_param)
|
||||
@bubble.toggle_tag_with(sanitized_tag_title_param)
|
||||
end
|
||||
|
||||
private
|
||||
def tag_title_param
|
||||
def sanitized_tag_title_param
|
||||
params.required(:tag_title).strip.gsub(/\A#/, "")
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user