do not enable parameter escaping by default, fixes #8

sinatra · Dec 30, 2011 · ae9c330 · ae9c330
1 parent 590c0e7
commit ae9c330
Showing 1 changed file with 0 additions and 1 deletion.
diff --git a/lib/rack/protection.rb b/lib/rack/protection.rb
@@ -20,7 +20,6 @@ def self.new(app, options = {})
       # does not include: RemoteReferrer, AuthenticityToken and FormToken
       except = Array options[:except]
       Rack::Builder.new do
-        use ::Rack::Protection::EscapedParams,    options unless except.include? :escaped_params
         use ::Rack::Protection::FrameOptions,     options unless except.include? :frame_options
         use ::Rack::Protection::IPSpoofing,       options unless except.include? :ip_spoofing
         use ::Rack::Protection::JsonCsrf,         options unless except.include? :json_csrf