Hello there,
While working on a project, I noticed something very weird :S
If I type this in the URL http://localhost:3000/my/friends/index/5
it changed all the URL :S:S:S:S http://localhost:3000/my/friends/index/5?group=Friends
My link_to is very simple <%= link_to group.name, :group => group.name %>
This way Ruby on Rails will open security issues in my application :S like cross-site scripting???
Huh? How so?
How do I prevent this and thanks for your help.
Add your controller, with a leading slash. That will prevent defaults from being used in your link:
<%= link_to group.name, :controller => '/my/friends', :group => group.name %>
This is documented at ActionController::Base#url_for.