What is the best way to go about whitelisting?
Essentially, exactly what the title states. I've never whitelisted before and don't know where to start. Do I need a gem? Help, please.
Whitelisting is a basic programming notion regarding how input to a program is judged to be valid and good, or bad.
Whitelist: checks input for valid conditions and proceeds if all is good; aborts the action by default unless all is well.
Blacklist: checks input for bad values and rejects them if found, aborting the action with an error; otherwise proceeds with the action.
The realm of possible bad inputs is infinite; the realm of possible good inputs is finite. Therefore:
Whitelists check input like this:
if %w(some valid input).include?(params[:input])
  # proceed with action
else
  # not in whitelist, throw error
end
Blacklists: (Don't do this)
if %w(some invalid input).include?(params[:input])
  # throw error, detected invalid
else
  # proceed with action
end
Always apply whitelist logic where possible, in preference to blacklist logic.
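An added example, not part of the answer above, that runs the two approaches side by side in plain Ruby (no gem, no Rails). It validates a user-controlled sort column: the allowed column names, the blocked fragments, and the sample inputs (including the odd shapes a web framework can hand you from `params`, an Array or nil) are all constructed for the demonstration, and `allowlisted_sort`, `blocklisted_sort` and `compare` are illustrative names, not an API from any library.

```ruby
# Added example, not from the original answer: allowlist vs blocklist
# validation of a user-controlled sort column in plain Ruby. Column names,
# blocked fragments and sample inputs are constructed for the demonstration.

ALLOWED_SORT_COLUMNS = %w(name created_at price).freeze
BLOCKED_FRAGMENTS    = %w(-- DROP DELETE UNION).freeze

class InvalidInput < StandardError; end

# Allowlist: accept only a value that is exactly one of the known-good
# columns. Everything else (unknown strings, arrays, nil) is rejected.
def allowlisted_sort(input)
  return input if ALLOWED_SORT_COLUMNS.include?(input)

  raise InvalidInput, "unsupported sort column: #{input.inspect}"
end

# Blocklist (the pattern the answer says not to use): reject only inputs
# that contain a fragment someone thought of in advance.
def blocklisted_sort(input)
  if BLOCKED_FRAGMENTS.any? { |bad| input.include?(bad) }
    raise InvalidInput, "blocked fragment in: #{input.inspect}"
  end

  input
end

# Run one validator and report what happened instead of raising, so the
# two approaches can be compared on the same inputs.
def outcome(validator, input)
  send(validator, input)
  :accepted
rescue InvalidInput
  :rejected
rescue NoMethodError
  :crashed # the validator assumed a String and got something else
end

# Constructed sample inputs, as a web framework might hand them over from
# params[:sort]: one legitimate value and several hostile or odd ones.
SAMPLE_INPUTS = [
  "name",                               # legitimate
  "name DROP TABLE users",              # listed fragment, caught by both
  "name drop table users",              # same payload, lower case
  "name, (SELECT password FROM users)", # no listed fragment at all
  ["name"],                             # ?sort[]=name arrives as an Array
  nil,                                  # parameter absent
].freeze

# Returns one row per sample input with the verdict of each validator.
def compare
  SAMPLE_INPUTS.map do |input|
    {
      input:     input,
      allowlist: outcome(:allowlisted_sort, input),
      blocklist: outcome(:blocklisted_sort, input),
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  compare.each do |row|
    printf("%-40s allowlist=%-9s blocklist=%s\n",
           row[:input].inspect, row[:allowlist], row[:blocklist])
  end
end
```

Only the first input is accepted by the allowlist; the blocklist lets through the lower-case payload, the subquery that uses no listed word, and the Array, and it raises NoMethodError on nil because it assumed a String. The allowlist needed no special handling for any of those cases, which is the practical meaning of "good inputs are finite, bad inputs are infinite".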