Shouldn't :escaped_params be added here: https://github.com/sinatra/sinatra/blob/master/rack-protection/lib/rack/protection.rb#L33 ??
Seems like it is intentionally not included by use Rack::Protection, if that's what you mean: https://github.com/sinatra/sinatra/blob/v2.0.8.1/rack-protection/README.md#cross-site-request-forgery
A bit hard to follow, but I think the background for that exists in
I'm down with that, but it can't be activated with
set(:protection, use: [:escaped_params], escape: [:html])
Bonus quirk: the escape options passed above are used if I activate it with
use Rack::Protection::EscapedParams
@baelter I think you are correct, it should be added there and off by default. Can you send up a PR to do that?