#143 Treat models and arrays of models as safe input to redirect_to
This is an enhancement and and a bug fix. Models use polymorphic routes and should be considered safe as do arrays. Treat arrays containing things other than models as unsafe as well.
Showing
想要评论请 注册 或 登录