Permalink
Browse files

do not enable parameter escaping by default, fixes #8

  • Loading branch information...
1 parent 590c0e7 commit ae9c33001f6ac8e3955a76e0d11c647a3081fc58 @rkh rkh committed Dec 30, 2011
Showing with 0 additions and 1 deletion.
  1. +0 −1 lib/rack/protection.rb
View
@@ -20,7 +20,6 @@ def self.new(app, options = {})
# does not include: RemoteReferrer, AuthenticityToken and FormToken
except = Array options[:except]
Rack::Builder.new do
- use ::Rack::Protection::EscapedParams, options unless except.include? :escaped_params
use ::Rack::Protection::FrameOptions, options unless except.include? :frame_options
use ::Rack::Protection::IPSpoofing, options unless except.include? :ip_spoofing
use ::Rack::Protection::JsonCsrf, options unless except.include? :json_csrf

0 comments on commit ae9c330

Please sign in to comment.