Skip using the MassAssignmentSecurity::sanitize_for_mass_assignment if we use the strong_params.
The problem was
class User < AR:Base
def custom_name=(val) #There are no attribute with custom_name
And I need always use without_protection option for the assignment_attributes or attr_accessible, even when use permitted attributes. I think it is not corrected, when I have already permitted this attribute.
Dont use standard rails #sanitize_for_mass_assignment if strong_param…
Added tests for protected attributes.
I had a similar problem, and believe the bug is the method arguments to sanitize_for_mass_assignment in strong_parameters. See #50 for a patch.