Open Issues Need Help
View All on GitHub Fix PagesController to use DB-validated slug instead of params for template rendering about 2 hours ago
AI Summary: The GitHub issue describes a security vulnerability in the generated `PagesController` where `params[:page]` is directly used for template rendering, allowing unsanitized user input to potentially render unintended templates or probe for existing ones. The proposed solution is to first validate the page slug against the database, retrieve the corresponding `@post` object, and then use the DB-validated slug (`@post.slug`) for template rendering.
Complexity:
3/5
enhancement good first issue
Bunko (文庫) in Japanese means a small personal library or book collection - a perfect name for a Rails gem that organizes your content elegantly.
Ruby