do not enable parameter escaping by default, fixes #8

2023-03-27 23:18:01 -04:00 · 2011-12-30 13:04:14 +01:00 · 2011-12-30 13:04:14 +01:00 · 18529c9bdd
commit 18529c9bdd
parent 7b74143147
1 changed files with 0 additions and 1 deletions
--- a/rack-protection/lib/rack/protection.rb
+++ b/rack-protection/lib/rack/protection.rb
@ -20,7 +20,6 @@ module Rack
      # does not include: RemoteReferrer, AuthenticityToken and FormToken
      except = Array options[:except]
      Rack::Builder.new do
-        use ::Rack::Protection::EscapedParams,    options unless except.include? :escaped_params
        use ::Rack::Protection::FrameOptions,     options unless except.include? :frame_options
        use ::Rack::Protection::IPSpoofing,       options unless except.include? :ip_spoofing
        use ::Rack::Protection::JsonCsrf,         options unless except.include? :json_csrf