After reading about many of the features planned for Rails 4, the one I was most excited for was form signing. It wasn’t an officially planned feature, but it was discussed here by Yehuda Katz. Some time ago DHH mentioned that it wasn’t going to end up in Rails 4. I’m not really sure why, but I guess it makes sense. It certainly isn’t a one-size-fits-all approach to dealing with user input. I do, however, think it is a great idea for a third-party gem. Such a good idea that I decided to write it.
signed_form version 0.0.1 is available in the usual way from RubyGems and the project itself is on GitHub.
There’s plenty of information in the README about it. But in short, it generates a list of fields from those that you place in your form. It then signs those fields to be submitted along with the form. On the receiving end, if the signature of those fields is valid, the controller will then permit those attributes using strong_parameters under the hood.
This means that, for the most part, you only have to build your form and stop worrying about slicing user input in the controller. Of course, like I said, this isn’t one size fits all and you’ll probably not be able to use it for all forms. There are also a couple of caveats that are discussed in the README. But I think that for a lot of (most) forms it will be a great fit and hopefully save you a lot of time and hassle.
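The sign-then-permit flow described above, sketched as an added example in plain Ruby; this is not signed_form's own code. The method names, the `payload--mac` token layout, the demo secret and the sample request are all assumptions, and a plain hash filter stands in for strong_parameters.

```ruby
require 'openssl'
require 'json'

# Constructed demo key (assumption); a real app keeps this server-side only.
DEMO_SECRET = 'constructed-demo-secret'

def hmac_hex(secret, data)
  OpenSSL::HMAC.hexdigest('SHA256', secret, data)
end

# Form side: record the field names rendered for a scope, then sign that list.
def sign_fields(secret, scope, fields)
  payload = [JSON.generate({ scope => fields.map(&:to_s).sort })].pack('m0')
  "#{payload}--#{hmac_hex(secret, payload)}"
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Controller side: verify first, decode second, then keep only signed fields.
# Returns nil when the token is missing or its signature does not verify.
def permitted_params(secret, token, params)
  payload, mac = token.to_s.split('--', 2)
  return nil if payload.nil? || mac.nil?
  return nil unless secure_equal?(mac, hmac_hex(secret, payload))
  JSON.parse(payload.unpack1('m0')).each_with_object({}) do |(scope, fields), out|
    submitted = params.fetch(scope, {})
    out[scope] = submitted.select { |name, _| fields.include?(name) }
  end
end

if __FILE__ == $PROGRAM_NAME
  token = sign_fields(DEMO_SECRET, 'user', %i[name email])
  # Constructed request: "admin" was never rendered in the form.
  posted = { 'user' => { 'name' => 'Ann', 'email' => 'ann@example.test', 'admin' => '1' } }
  p permitted_params(DEMO_SECRET, token, posted)
end
```

In this sketch the signature covers field names only, so submitted values still need the model's normal validation.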
It is a new project, so if anyone wants to contribute or has any other feedback it would be much appreciated.