rails

History

Hartley McGuire 24213d6954 Prevent assigning internal ivars to AV::Base Previously, both the `@rendered_format` and `@marked_for_same_origin_verification` instance variables would be assigned to instances of `ActionView::Base`, making them accessible in view templates. However, these instance variables are really internal to the controller and result in extra string allocations because the `@` gets stripped and readded when going through the assignment. This commit prefixes the variables with an underscore to help indicate that they are internal, and then adds them to the list of `_protected_ivars` to prevent assigning them when rendering templates. Co-authored-by: Jean Boussier <jean.boussier@gmail.com> Co-authored-by: Jonathan Hefner <jonathan@hefner.pro>	2023-11-03 20:52:47 -04:00
..
abstract	Merge pull request #42945 from jhawthorn/hash_match	2021-08-23 10:47:58 -07:00
controller	Prevent assigning internal ivars to AV::Base	2023-11-03 20:52:47 -04:00

Hartley McGuire 24213d6954

Prevent assigning internal ivars to AV::Base

Previously, both the `@rendered_format` and
`@marked_for_same_origin_verification` instance variables would be
assigned to instances of `ActionView::Base`, making them accessible in
view templates. However, these instance variables are really internal to
the controller and result in extra string allocations because the `@`
gets stripped and readded when going through the assignment.

This commit prefixes the variables with an underscore to help indicate
that they are internal, and then adds them to the list of
`_protected_ivars` to prevent assigning them when rendering templates.

Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
Co-authored-by: Jonathan Hefner <jonathan@hefner.pro>

2023-11-03 20:52:47 -04:00

abstract

Merge pull request #42945 from jhawthorn/hash_match

2021-08-23 10:47:58 -07:00

controller

Prevent assigning internal ivars to AV::Base

2023-11-03 20:52:47 -04:00