$.allow currently seems to allow any parameters when called, even those that don't do anything. This means it is possible to use it incorrectly and not notice that it is not doing anything (since the intended behavior of $.allow in typical cases is to just double-check that the HTTP data is correct and then let the script proceed).
My suggestion is that $.allow should specifically allow only those parameters that have an effect, and throw an error if it is called in any other way. This could potentially, but less importantly, be extended to for example throwing an error if the same key is provided multiple times in an array of allowed keys.
$.allowcurrently seems to allow any parameters when called, even those that don't do anything. This means it is possible to use it incorrectly and not notice that it is not doing anything (since the intended behavior of$.allowin typical cases is to just double-check that the HTTP data is correct and then let the script proceed).My suggestion is that
$.allowshould specifically allow only those parameters that have an effect, and throw an error if it is called in any other way. This could potentially, but less importantly, be extended to for example throwing an error if the same key is provided multiple times in an array of allowed keys.