diff --git a/rack-protection/lib/rack/protection/escaped_params.rb b/rack-protection/lib/rack/protection/escaped_params.rb
index 3283deca..6706d103 100644
--- a/rack-protection/lib/rack/protection/escaped_params.rb
+++ b/rack-protection/lib/rack/protection/escaped_params.rb
@@ -1,5 +1,6 @@
 require 'rack/protection'
 require 'rack/utils'
+require 'tempfile'
 begin
   require 'escape_utils'
@@ -66,6 +67,7 @@ module Rack
       when Hash then escape_hash(object)
       when Array then object.map { |o| escape(o) }
       when String then escape_string(object)
+      when Tempfile then object
       else nil
       end
     end
diff --git a/rack-protection/spec/lib/rack/protection/escaped_params_spec.rb b/rack-protection/spec/lib/rack/protection/escaped_params_spec.rb
index 40989d88..4134dc6e 100644
--- a/rack-protection/spec/lib/rack/protection/escaped_params_spec.rb
+++ b/rack-protection/spec/lib/rack/protection/escaped_params_spec.rb
@@ -37,5 +37,25 @@ describe Rack::Protection::EscapedParams do
     get '/?95df8d9bf5237ad08df3115ee74dcb10'
     expect(body).to eq('hi')
   end
+
+  it 'leaves TempFiles untouched' do
+    mock_app do |env|
+      request = Rack::Request.new(env)
+      [200, {'Content-Type' => 'text/plain'}, [request.params['file'][:filename] + "\n" + \
+        request.params['file'][:tempfile].read + "\n" + \
+        request.params['other']]]
+    end
+
+    temp_file = File.open('_escaped_params_tmp_file', 'w')
+    begin
+      temp_file.write('hello world')
+      temp_file.close
+
+      post '/', :file => Rack::Test::UploadedFile.new(temp_file.path), :other => ''
+      expect(body).to eq("_escaped_params_tmp_file\nhello world\n<bar>")
+    ensure
+      File.unlink(temp_file.path)
+    end
+  end
 end
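Review bot: The new `when Tempfile then object` branch in `escape` has no comment explaining why one value type is deliberately exempt from escaping, and a reader of this security middleware should not have to guess; I would add `# multipart uploads arrive as a Tempfile inside the params hash; escaping its contents is neither possible nor intended, so pass it through` above the branch. Note that the enclosing hash for an upload (filename, type, head) still flows through `escape_hash`, which is outside this hunk, so those sibling string values are presumably still HTML-escaped while only the file body is exempt; the test in the spec hunk only covers a filename with no special characters, so that behaviour is neither asserted nor documented here. The pre-existing `else nil` arm means that if a different Rack version or a custom multipart parser hands over some other IO-like object, the whole value is silently dropped rather than passed through, which is worth stating in the same comment. The `escape` method's signature lies outside the hunk.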
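Review bot: The new example writes its fixture to a fixed relative path, `File.open('_escaped_params_tmp_file', 'w')`, so it depends on the working directory being writable and will collide if two runs share a directory; since the library side of this commit already requires `tempfile`, the spec could use `temp_file = Tempfile.new('escaped_params')`, assert on `File.basename(temp_file.path)` instead of the literal name, and clean up with `temp_file.close!` in the `ensure`. As shown on the page the request sends `:other => ''` while the assertion expects the body to end in `<bar>`, which cannot both hold; one of them appears to have been lost in rendering, and the expected value should in any case be the escaped form the middleware produces for that input. Given the `filename` passes through `escape_hash`, a second example with a filename containing `<` or `"` would pin down whether upload metadata is still escaped.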