Don't escape parameters by default in included rack-protection.
As @rkh claims in issue #310.
Don't escape parameters by default in included rack-protection. relat…
…es to issue #310
Thanks for the quick fix.
Small gotcha, if you define your own protection exclusions make sure you also include the one applied in the fix as your options hash overwrites the one in the fix.
set :protection, :except => [:frame_options, :escaped_params] #include escaped_params
Woooooow, thank you @gordonk, that was exactly what was biting us in the butt.
I'm afraid this ambiguity will bite anyone who tries to set :protection, :except
The basic flow is this:
"Hmm, something weird is happening.
Oh, I see sinatra tries to save me from myself. Stop that please. (setting a specific :protection, :except)
Nice, that looks like it fixed it.
Wait, why are other things breaking now?
(swear, curse, google, find this page)
IMO, If I need to change one thing, that :except should affect only the parameter I'm specifically setting, not overwrite all the defaults.