Skip to content

feat: [PPT-2454] sanitize attributes#313

Draft
chillfox wants to merge 11 commits into
masterfrom
PPT-2454-vulnerability-report-improper-sanitisation-of-inputs
Draft

feat: [PPT-2454] sanitize attributes#313
chillfox wants to merge 11 commits into
masterfrom
PPT-2454-vulnerability-report-improper-sanitisation-of-inputs

Conversation

@chillfox
Copy link
Copy Markdown
Contributor

@chillfox chillfox commented Apr 30, 2026
edited
Loading

...and fix ameba issues.

@chillfox chillfox self-assigned this Apr 30, 2026
@github-actions github-actions Bot added the type: enhancement new feature or request label Apr 30, 2026
@github-actions github-actions Bot added type: enhancement new feature or request and removed type: enhancement new feature or request labels Apr 30, 2026
@github-actions github-actions Bot added type: enhancement new feature or request and removed type: enhancement new feature or request labels May 1, 2026
@github-actions github-actions Bot added type: enhancement new feature or request and removed type: enhancement new feature or request labels May 1, 2026
@github-actions github-actions Bot added type: enhancement new feature or request and removed type: enhancement new feature or request labels May 1, 2026
@github-actions github-actions Bot added type: enhancement new feature or request and removed type: enhancement new feature or request labels May 1, 2026
@chillfox chillfox marked this pull request as ready for review May 1, 2026 02:40
@chillfox chillfox requested review from naqvis and stakach May 1, 2026 02:40
naqvis
naqvis reviewed May 2, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@naqvis naqvis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see we have introduced new attribute tag, but I don't see where is that handled and how that's going to handle. When we have introduced a tag, why do we need a separate before save hook? might be response to questions i have asked is buried under the linter noise.

@chillfox
Copy link
Copy Markdown
Contributor Author

chillfox commented May 5, 2026

@naqvis The attribute tag is in spider-gazelle/active-model@cfa6cba. The before_save is for types that are not handled by the attribute tag, like: JSON::Any, Set(String), Array(String).

@github-actions github-actions Bot added type: enhancement new feature or request and removed type: enhancement new feature or request labels May 5, 2026
@chillfox
Copy link
Copy Markdown
Contributor Author

chillfox commented May 19, 2026

I guess we should add Set(String) and Array(String) to https://github.com/spider-gazelle/active-model

@chillfox chillfox marked this pull request as draft May 19, 2026 07:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@naqvis naqvis naqvis left review comments

@stakach stakach Awaiting requested review from stakach

Assignees

@chillfox chillfox

Labels

type: enhancement new feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@chillfox @naqvis