[ci skip] change all instances of blacklist and whitelist to denylist… #33681
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
justizin
approved these changes
Aug 22, 2018
There was a problem hiding this comment.
Thank you so much for working on this. I totally agree with the reasons for changing those terms.
I think we can improve most of those texts with different words than allowedlist. I made some comments with suggestions but I didn't got to review the whole patch with suggestion to avoid put a lot of comments.
Can you review the changes to make the text to look more fluid?
guides/source/4_0_release_notes.md
Outdated
| @@ -70,7 +70,7 @@ Major Features | |||
|
|
|||
| ### ActionPack | |||
|
|
|||
| * **Strong parameters** ([commit](https://github.com/rails/rails/commit/a8f6d5c6450a7fe058348a7f10a908352bb6c7fc)) - Only allow whitelisted parameters to update model objects (`params.permit(:title, :text)`). | |||
| * **Strong parameters** ([commit](https://github.com/rails/rails/commit/a8f6d5c6450a7fe058348a7f10a908352bb6c7fc)) - Only allow allowlisted parameters to update model objects (`params.permit(:title, :text)`). | |||
There was a problem hiding this comment.
Maybe: Only allow trusted parameters to updated model objects?
guides/source/4_1_release_notes.md
Outdated
| @@ -719,7 +719,7 @@ for detailed changes. | |||
| responsibilities within a | |||
| class. ([Commit](https://github.com/rails/rails/commit/1eee0ca6de975b42524105a59e0521d18b38ab81)) | |||
|
|
|||
| * Added `Object#presence_in` to simplify value whitelisting. | |||
| * Added `Object#presence_in` to simplify value allowlisting. | |||
| @@ -193,7 +193,7 @@ In a given request, the method is not actually called for every single generated | |||
|
|
|||
| With strong parameters, Action Controller parameters are forbidden to | |||
| be used in Active Model mass assignments until they have been | |||
| whitelisted. This means that you'll have to make a conscious decision about | |||
| allowlisted. This means that you'll have to make a conscious decision about | |||
There was a problem hiding this comment.
"allowed" seems better here.
| @@ -269,7 +269,7 @@ but be careful because this opens the door to arbitrary input. In this | |||
| case, `permit` ensures values in the returned structure are permitted | |||
| scalars and filters out anything else. | |||
|
|
|||
| To whitelist an entire hash of parameters, the `permit!` method can be | |||
| To allowlist an entire hash of parameters, the `permit!` method can be | |||
| @@ -291,7 +291,7 @@ params.permit(:name, { emails: [] }, | |||
| { family: [ :name ], hobbies: [] }]) | |||
| ``` | |||
|
|
|||
| This declaration whitelists the `name`, `emails`, and `friends` | |||
| This declaration allowlists the `name`, `emails`, and `friends` | |||
guides/source/configuring.md
Outdated
| @@ -275,7 +275,7 @@ config.middleware.delete Rack::MethodOverride | |||
|
|
|||
| All these configuration options are delegated to the `I18n` library. | |||
|
|
|||
| * `config.i18n.available_locales` whitelists the available locales for the app. Defaults to all locale keys found in locale files, usually only `:en` on a new application. | |||
| * `config.i18n.available_locales` allowlists the available locales for the app. Defaults to all locale keys found in locale files, usually only `:en` on a new application. | |||
guides/source/configuring.md
Outdated
| @@ -444,7 +444,7 @@ The schema dumper adds two additional configuration options: | |||
|
|
|||
| * `config.action_controller.action_on_unpermitted_parameters` enables logging or raising an exception if parameters that are not explicitly permitted are found. Set to `:log` or `:raise` to enable. The default value is `:log` in development and test environments, and `false` in all other environments. | |||
|
|
|||
| * `config.action_controller.always_permitted_parameters` sets a list of whitelisted parameters that are permitted by default. The default values are `['controller', 'action']`. | |||
| * `config.action_controller.always_permitted_parameters` sets a list of allowlisted parameters that are permitted by default. The default values are `['controller', 'action']`. | |||
| @@ -888,7 +888,7 @@ do that with `local_variables`. | |||
|
|
|||
| ### Settings | |||
|
|
|||
| * `config.web_console.whitelisted_ips`: Authorized list of IPv4 or IPv6 | |||
| * `config.web_console.allowlisted_ips`: Authorized list of IPv4 or IPv6 | |||
There was a problem hiding this comment.
This one we can't change without changing the web_console too and allowed_ips sounds better.
guides/source/form_helpers.md
Outdated
| @@ -999,7 +999,7 @@ remove addresses: | |||
| <% end %> | |||
| ``` | |||
|
|
|||
| Don't forget to update the whitelisted params in your controller to also include | |||
| Don't forget to update the allowlisted params in your controller to also include | |||
guides/source/form_helpers.md
Outdated
| @@ -953,7 +953,7 @@ If the associated object is already saved, `fields_for` autogenerates a hidden i | |||
| ### The Controller | |||
|
|
|||
| As usual you need to | |||
| [whitelist the parameters](action_controller_overview.html#strong-parameters) in | |||
| [allowlist the parameters](action_controller_overview.html#strong-parameters) in | |||
|
@rafaelfranca Thanks for combing through for those awkward grammar. I've fixed all of them, mostly with your suggestion in the new commit. |
yskkin
reviewed
Aug 22, 2018
| @@ -1200,7 +1200,7 @@ to the database as `NULL` instead of passing the `nil` value through YAML (`"--- | |||
| * Rails 4.0 has removed `attr_accessible` and `attr_protected` feature in favor of Strong Parameters. You can use the [Protected Attributes gem](https://github.com/rails/protected_attributes) for a smooth upgrade path. | |||
|
|
|||
| * If you are not using Protected Attributes, you can remove any options related to | |||
| this gem such as `whitelist_attributes` or `mass_assignment_sanitizer` options. | |||
| this gem such as `allowlist_attributes` or `mass_assignment_sanitizer` options. | |||
There was a problem hiding this comment.
I guess we cannot change this unless we change Protected Attributes gem.
| @@ -999,7 +999,7 @@ remove addresses: | |||
| <% end %> | |||
| ``` | |||
|
|
|||
| Don't forget to update the whitelisted params in your controller to also include | |||
| Don't forget to update the permitted params in your controller to also include | |||
There was a problem hiding this comment.
By renaming whitelist to a mixture of:
- permitted
- allowed
- trusted
we're only creating more confusion.
There was a problem hiding this comment.
I think we could reword this to consistently use "permit" or "permitted".
There was a problem hiding this comment.
@tenderlove Roger that.
tenderlove
approved these changes
Aug 22, 2018
There was a problem hiding this comment.
I added some comments. I really like this change, but I think we should try to consistently use "permitted" (consistency should help people reading the docs, plus it shares the name of the method). "Denylist" seems kind of awkward, but I'm having a hard time thinking of an antonym for "permit" besides "deny". 😊
| @@ -193,7 +193,7 @@ In a given request, the method is not actually called for every single generated | |||
|
|
|||
| With strong parameters, Action Controller parameters are forbidden to | |||
| be used in Active Model mass assignments until they have been | |||
| whitelisted. This means that you'll have to make a conscious decision about | |||
| allowed. This means that you'll have to make a conscious decision about | |||
There was a problem hiding this comment.
This should probably be "what is allowed" (or "what is permitted")
There was a problem hiding this comment.
"...until they have been what is permitted." doesn't seem to make sense. 🤔
| @@ -241,7 +241,7 @@ Given | |||
| params.permit(:id) | |||
| ``` | |||
|
|
|||
| the key `:id` will pass the whitelisting if it appears in `params` and | |||
| the key `:id` will pass the allowlisting if it appears in `params` and | |||
There was a problem hiding this comment.
the key
:idwill be permitted if it appears inparamsand
or possibly
the key
:idwill be permitted for inclusion if it appears inparamsand
| @@ -349,7 +349,7 @@ end | |||
|
|
|||
| The strong parameter API was designed with the most common use cases | |||
| in mind. It is not meant as a silver bullet to handle all of your | |||
| whitelisting problems. However, you can easily mix the API with your | |||
| allowlisting problems. However, you can easily mix the API with your | |||
There was a problem hiding this comment.
parameter filtering problems.
guides/source/getting_started.md
Outdated
| assignment. In this case, we want to both allow and require the `title` and | ||
| `text` parameters for valid use of `create`. The syntax for this introduces | ||
| `require` and `permit`. The change will involve one line in the `create` action: | ||
| We have to define our permitted controller parameters to prevent wrongful mass assignment. In this case, we want to both allow and require the `title` and `text` parameters for valid use of `create`. The syntax for this introduces `require` and `permit`. The change will involve one line in the `create` action: |
There was a problem hiding this comment.
I think this paragraph needs to be wrapped
guides/source/i18n.md
Outdated
| @@ -77,8 +77,8 @@ There are also attribute readers and writers for the following attributes: | |||
| load_path # Announce your custom translation files | |||
| locale # Get and set the current locale | |||
| default_locale # Get and set the default locale | |||
| available_locales # Whitelist locales available for the application | |||
| enforce_available_locales # Enforce locale whitelisting (true or false) | |||
| available_locales # Allowlist locales available for the application | |||
guides/source/i18n.md
Outdated
| @@ -128,7 +128,7 @@ The load path must be specified before any translations are looked up. To change | |||
| # Where the I18n library should search for translation files | |||
| I18n.load_path += Dir[Rails.root.join('lib', 'locale', '*.{rb,yml}')] | |||
|
|
|||
| # Whitelist locales available for the application | |||
| # Allowlist locales available for the application | |||
|
@tenderlove How do you feel about "restricted list" or "restrict" as an alternative? |
Sounds good to me! 😄 |
…restricted list and consistently use permitted
guilleiguaran
approved these changes
Aug 23, 2018
rafaelfranca
approved these changes
Aug 23, 2018
This was referenced Nov 9, 2018
8 tasks
koic
added a commit
to koic/rubocop
that referenced
this pull request
Nov 3, 2019
### Summary Follow up rubocop#6464, rubocop#6466, and rubocop#6467. This PR changes a terminology from `Whitelist` and `Blacklist` to `Allowlist` and `Denylist`. This change is an obvious breaking change to some cop options. So I'd like to introduce it before RuboCop 1.0 if this change is acceptable. ### Other Information This change has also been made in Rails repository and other repos. rails/rails#33681
bbatsov
pushed a commit
to rubocop/rubocop
that referenced
this pull request
Nov 5, 2019
### Summary Follow up #6464, #6466, and #6467. This PR changes a terminology from `Whitelist` and `Blacklist` to `Allowlist` and `Denylist`. This change is an obvious breaking change to some cop options. So I'd like to introduce it before RuboCop 1.0 if this change is acceptable. ### Other Information This change has also been made in Rails repository and other repos. rails/rails#33681
This was referenced Jun 3, 2020
Closed
Merged
Closed
jcoyne
added a commit
to jcoyne/rubocop-rails
that referenced
this pull request
Jun 23, 2020
Use terminology which is more descriptive and is consistent with the direction of some upstream libraries: rubocop/rubocop#6467 rails/rails#33681
jcoyne
added a commit
to jcoyne/rubocop-rails
that referenced
this pull request
Jun 23, 2020
Use terminology which is more descriptive and is consistent with the direction of some upstream libraries: rubocop/rubocop#6467 rails/rails#33681
jcoyne
added a commit
to jcoyne/rubocop-rails
that referenced
this pull request
Jun 23, 2020
Use terminology which is more descriptive and is consistent with the direction of some upstream libraries: rubocop/rubocop#6467 rails/rails#33681
jcoyne
added a commit
to jcoyne/rubocop-rails
that referenced
this pull request
Jun 23, 2020
Use terminology which is more descriptive and is consistent with the direction of some upstream libraries: rubocop/rubocop#6467 rails/rails#33681
jcoyne
added a commit
to jcoyne/rubocop-rails
that referenced
this pull request
Jun 23, 2020
Use terminology which is more descriptive and is consistent with the direction of some upstream libraries: rubocop/rubocop#6467 rails/rails#33681
jcoyne
added a commit
to jcoyne/rubocop-rails
that referenced
this pull request
Jun 24, 2020
Use terminology which is more descriptive and is consistent with the direction of some upstream libraries: rubocop/rubocop#6467 rails/rails#33681
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
… and allowlist
Summary
Per DHH, changed occurrence of "blacklist" to "denylist" and "whitelist" to "allowlist" in Rails documentation files. This pull request closes this issue.
Other Information
Adhering to information from the contribution guidelines re: documentation changes, only files in
rails/guides/sourcewere changed.Finally, if your pull request affects documentation or any non-code
changes, guidelines for those changes are available
here
Thanks for contributing to Rails!