Question regarding docs / security: "This is not an issue with mass assignment."

I have a question regarding the security documentation page: https://filamentphp.com/docs/3.x/panels/resources/security

While attributes may be visible in JavaScript, only those with a form field are actually editable by the user. This is not an issue with mass assignment.

While attributes may be visible in JavaScript, only those with a form field are actually editable by the user. This is not an issue with mass assignment.

I understand the first part (all attributes are visible, but cannot be modified by malicious users). But what does "This is not an issue with mass assignment." mean in this context?

If attributes are mass assignable, they can be changed even if there are no form fields for them? (I am not a native speaker)

Security - Panel Builder - Filament

Filament•2y ago•

4 replies

optimalspieler

Question regarding docs / security: "This is not an issue with mass assignment."

I have a question regarding the security documentation page: https://filamentphp.com/docs/3.x/panels/resources/security

While attributes may be visible in JavaScript, only those with a form field are actually editable by the user. This is not an issue with mass assignment.

While attributes may be visible in JavaScript, only those with a form field are actually editable by the user. This is not an issue with mass assignment.

Security - Panel Builder - Filament

Question regarding docs / security: "This is not an issue with mass assignment."

Similar Threads

Question regarding docs / security: "This is not an issue with mass assignment."

Similar Threads

Similar Threads

Similar Threads